Back to KEVs

CVE-2022-26143

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain...

Basic Information

CVE State
PUBLISHED
Reserved Date
February 26, 2022
Published Date
March 09, 2022
Last Updated
January 29, 2025
Vendor
n/a
Product
n/a
Description
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.
Tags
cisa

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

9.0

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2022-03-25 00:00:00 UTC) Source

References

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001 https://www.akamai.com/blog/security/phone-home-ddos-attack-vector https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/ https://news.ycombinator.com/item?id=30614073 https://blog.cloudflare.com/cve-2022-26143/ https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/ https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-03-25 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel