Vulnerability-Lookup

CVE-2022-26143 (GCVE-0-2022-26143)

Vulnerability from cvelistv5 – Published: 2022-03-09 15:32 – Updated: 2025-10-21 23:15

CISA KEVIntel

Summary

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: active Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

n/a
CWE-306 - Missing Authentication for Critical Function

Assigner

mitre

References

8 references

URL	Tags
https://www.mitel.com/en-ca/support/security-advi…	x_refsource_MISC
https://www.akamai.com/blog/security/phone-home-d…	x_refsource_MISC
https://www.shadowserver.org/news/cve-2022-26143-…	x_refsource_MISC
https://news.ycombinator.com/item?id=30614073	x_refsource_MISC
https://blog.cloudflare.com/cve-2022-26143/	x_refsource_MISC
https://team-cymru.com/blog/2022/03/08/record-bre…	x_refsource_MISC
https://arstechnica.com/information-technology/20…	x_refsource_MISC
https://www.cisa.gov/known-exploited-vulnerabilit…	government-resource

CISA

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 512d65d3-d470-4945-aaf3-ae286e760d71

Vulnerability ID: CVE-2022-26143

Status: Confirmed

Status Updated: 2022-03-25 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2022-03-25

Asserted: 2022-03-25

Scope

Notes: KEV entry: MiCollab, MiVoice Business Express Access Control Vulnerability | Affected: Mitel / MiCollab, MiVoice Business Express | Description: A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-26143

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-306 CWE-406
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	MiCollab, MiVoice Business Express
Due Date	2022-04-15
Date Added	2022-03-25
Vendorproject	Mitel
Vulnerabilityname	MiCollab, MiVoice Business Express Access Control Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2022-26143

Created: 2026-02-02 12:27 UTC | Updated: 2026-02-06 07:17 UTC

KEVIntel

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 41fc664d-c2d7-454d-950c-d9df5d844274

Vulnerability ID: CVE-2022-26143

Status: Confirmed

Status Updated: 2022-03-25 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2022-03-25

Asserted: 2022-03-25

Scope

Notes: KEVIntel entry: The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain... | Affected: Mitel / MiCollab, MiVoice Business Express | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel

Details

Feed	KEVIntel (kevintel.com)
Title	The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain...
Vendor	Mitel
Product	MiCollab, MiVoice Business Express
Added Date	2022-03-25T00:00:00.000Z
Cvss Score	9.8
Epss Score	None
Cvss Severity	CRITICAL
Epss Percentile	None
Used In Malware	unknown
Ahead Of Cisa Kev	None
Not Yet In Cisa Kev	False

References

Created: 2026-06-23 14:05 UTC | Updated: 2026-06-23 14:05 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.878Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.akamai.com/blog/security/phone-home-ddos-attack-vector"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=30614073"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.cloudflare.com/cve-2022-26143/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-26143",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T16:38:19.825484Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26143"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:44.508Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26143"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-25T00:00:00.000Z",
            "value": "CVE-2022-26143 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-09T15:32:54.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.akamai.com/blog/security/phone-home-ddos-attack-vector"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://news.ycombinator.com/item?id=30614073"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.cloudflare.com/cve-2022-26143/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-26143",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001",
              "refsource": "MISC",
              "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001"
            },
            {
              "name": "https://www.akamai.com/blog/security/phone-home-ddos-attack-vector",
              "refsource": "MISC",
              "url": "https://www.akamai.com/blog/security/phone-home-ddos-attack-vector"
            },
            {
              "name": "https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/",
              "refsource": "MISC",
              "url": "https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/"
            },
            {
              "name": "https://news.ycombinator.com/item?id=30614073",
              "refsource": "MISC",
              "url": "https://news.ycombinator.com/item?id=30614073"
            },
            {
              "name": "https://blog.cloudflare.com/cve-2022-26143/",
              "refsource": "MISC",
              "url": "https://blog.cloudflare.com/cve-2022-26143/"
            },
            {
              "name": "https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/",
              "refsource": "MISC",
              "url": "https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/"
            },
            {
              "name": "https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/",
              "refsource": "MISC",
              "url": "https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-26143",
    "datePublished": "2022-03-09T15:32:54.000Z",
    "dateReserved": "2022-02-26T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:15:44.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2022-26143",
      "cwes": "[\"CWE-306\", \"CWE-406\"]",
      "dateAdded": "2022-03-25",
      "dueDate": "2022-04-15",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2022-26143",
      "product": "MiCollab, MiVoice Business Express",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.",
      "vendorProject": "Mitel",
      "vulnerabilityName": "MiCollab, MiVoice Business Express Access Control Vulnerability"
    },
    "epss": {
      "cve": "CVE-2022-26143",
      "date": "2026-06-23",
      "epss": "0.87565",
      "percentile": "0.99733"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-04-15",
      "cisaExploitAdd": "2022-03-25",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "MiCollab, MiVoice Business Express Access Control Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*\", \"versionEndExcluding\": \"9.4\", \"matchCriteriaId\": \"0AF7E1EB-87E8-43B2-93BC-D3A978185D69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitel:micollab:9.4:-:*:*:*:-:*:*\", \"matchCriteriaId\": \"93172128-E88F-44FA-923A-E10F7716C6E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitel:micollab:9.4:sp1:*:*:*:-:*:*\", \"matchCriteriaId\": \"251D31AE-6ED3-4F9F-B489-30586A7DD2A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitel:mivoice_business_express:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.1\", \"matchCriteriaId\": \"A9B124E0-A4C8-4133-B144-7EB7AB6F1888\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.\"}, {\"lang\": \"es\", \"value\": \"El componente TP-240 (tambi\\u00e9n conocido como tp240dvr) en Mitel MiCollab versiones anteriores a 9.4 SP1 FP1 y MiVoice Business Express versiones hasta 8.1, permite a atacantes remotos obtener informaci\\u00f3n confidencial y causar una denegaci\\u00f3n de servicio (degradaci\\u00f3n del rendimiento y tr\\u00e1fico saliente excesivo). Esto fue explotado \\\"in the wild\\\" en febrero y marzo de 2022 para el ataque DDoS TP240PhoneHome\"}]",
      "id": "CVE-2022-26143",
      "lastModified": "2024-11-21T06:53:30.983",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 8.5, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-03-10T17:47:32.813",
      "references": "[{\"url\": \"https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Press/Media Coverage\", \"Third Party Advisory\"]}, {\"url\": \"https://blog.cloudflare.com/cve-2022-26143/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://news.ycombinator.com/item?id=30614073\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.akamai.com/blog/security/phone-home-ddos-attack-vector\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Press/Media Coverage\", \"Third Party Advisory\"]}, {\"url\": \"https://blog.cloudflare.com/cve-2022-26143/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://news.ycombinator.com/item?id=30614073\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.akamai.com/blog/security/phone-home-ddos-attack-vector\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-26143\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-03-10T17:47:32.813\",\"lastModified\":\"2026-06-17T04:34:46.337\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.\"},{\"lang\":\"es\",\"value\":\"El componente TP-240 (tambi\u00e9n conocido como tp240dvr) en Mitel MiCollab versiones anteriores a 9.4 SP1 FP1 y MiVoice Business Express versiones hasta 8.1, permite a atacantes remotos obtener informaci\u00f3n confidencial y causar una denegaci\u00f3n de servicio (degradaci\u00f3n del rendimiento y tr\u00e1fico saliente excesivo). Esto fue explotado \\\"in the wild\\\" en febrero y marzo de 2022 para el ataque DDoS TP240PhoneHome\"}],\"affected\":[{\"source\":\"cve@mitre.org\",\"affectedData\":[{\"vendor\":\"n/a\",\"product\":\"n/a\",\"versions\":[{\"version\":\"n/a\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":8.5,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-01-29T16:38:19.825484Z\",\"id\":\"CVE-2022-26143\",\"options\":[{\"exploitation\":\"active\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"cisaExploitAdd\":\"2022-03-25\",\"cisaActionDue\":\"2022-04-15\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"MiCollab, MiVoice Business Express Access Control Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*\",\"versionEndExcluding\":\"9.4\",\"matchCriteriaId\":\"0AF7E1EB-87E8-43B2-93BC-D3A978185D69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitel:micollab:9.4:-:*:*:*:-:*:*\",\"matchCriteriaId\":\"93172128-E88F-44FA-923A-E10F7716C6E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitel:micollab:9.4:sp1:*:*:*:-:*:*\",\"matchCriteriaId\":\"251D31AE-6ED3-4F9F-B489-30586A7DD2A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitel:mivoice_business_express:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.1\",\"matchCriteriaId\":\"A9B124E0-A4C8-4133-B144-7EB7AB6F1888\"}]}]}],\"references\":[{\"url\":\"https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://blog.cloudflare.com/cve-2022-26143/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=30614073\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.akamai.com/blog/security/phone-home-ddos-attack-vector\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://blog.cloudflare.com/cve-2022-26143/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=30614073\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.akamai.com/blog/security/phone-home-ddos-attack-vector\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26143\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.akamai.com/blog/security/phone-home-ddos-attack-vector\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=30614073\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://blog.cloudflare.com/cve-2022-26143/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T04:56:37.878Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-26143\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-29T16:38:19.825484Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26143\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-25T00:00:00.000Z\", \"value\": \"CVE-2022-26143 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26143\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-29T16:35:02.024Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.akamai.com/blog/security/phone-home-ddos-attack-vector\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://news.ycombinator.com/item?id=30614073\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://blog.cloudflare.com/cve-2022-26143/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2022-03-09T15:32:54.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001\", \"name\": \"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.akamai.com/blog/security/phone-home-ddos-attack-vector\", \"name\": \"https://www.akamai.com/blog/security/phone-home-ddos-attack-vector\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/\", \"name\": \"https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/\", \"refsource\": \"MISC\"}, {\"url\": \"https://news.ycombinator.com/item?id=30614073\", \"name\": \"https://news.ycombinator.com/item?id=30614073\", \"refsource\": \"MISC\"}, {\"url\": \"https://blog.cloudflare.com/cve-2022-26143/\", \"name\": \"https://blog.cloudflare.com/cve-2022-26143/\", \"refsource\": \"MISC\"}, {\"url\": \"https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/\", \"name\": \"https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/\", \"refsource\": \"MISC\"}, {\"url\": \"https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/\", \"name\": \"https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-26143\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-26143\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:15:44.508Z\", \"dateReserved\": \"2022-02-26T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2022-03-09T15:32:54.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2022-AVI-173

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Mitel MiCollab et MiVoice Business Express. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

Mitel déclare fournir un script qui permet de mettre en place une mesure de contournement provisoire pour Micollab versions R8.0 à R9.4 ainsi que pour les versions R8.0 et R8.1 de MiVoice Business Express.

La version R9.4 SP1 FP1 de Micollab est prévue pour mars 2022.

None

Impacted products

	Vendor	Product	Description
	Mitel	MiCollab	Mitel MiCollab versions R9.4 SP1 et antérieures
	Mitel	MiVoice	MiVoice Business Express versions R8.1 et antérieures

References

Title

Publication Time

CERTFR-2022-AVI-173

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

La version R9.4 SP1 FP1 de Micollab est prévue pour mars 2022.

None

Impacted products

	Vendor	Product	Description
	Mitel	MiCollab	Mitel MiCollab versions R9.4 SP1 et antérieures
	Mitel	MiVoice	MiVoice Business Express versions R8.1 et antérieures

References

Title

Publication Time

BDU:2022-01246

Vulnerability from fstec - Published: 22.02.2022

Title

Уязвимость микропрограммного обеспечения интерфейсных плат TP-240 платформ для совместной работы MiCollab и MiVoice Business Express, связанная с ошибками при обработке XML-сообщений, позволяющая нарушителю читать и изменять конфигурацию уязвимого устройства или вызвать отказ в обслуживании

Description

Уязвимость микропрограммного обеспечения интерфейсных плат TP-240 платформ для совместной работы MiCollab и MiVoice Business Express связана с ошибками при обработке XML-сообщений. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, читать и изменять конфигурацию уязвимого устройства или вызвать отказ в обслуживании

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Vendor

Mitel Networks Corp.

Software Name

Mitel MiCollab, MiVoice Business Express

Software Version

до 9.4 SP1 FP1 (Mitel MiCollab), до 8.1 включительно (MiVoice Business Express)

Possible Mitigations

Использование средств межсетевого экранирования для ограничения доступа к UDP-порту 10074. Информация от производителя: https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001 https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_22-0001-01-v2.pdf https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_22-0001-02-v2.pdf

Reference

https://safe-surf.ru/upload/VULN/VULN-20220313.11.pdf https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001 https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_22-0001-01-v2.pdf https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_22-0001-02-v2.pdf https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:P/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Mitel Networks Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 9.4 SP1 FP1 (Mitel MiCollab), \u0434\u043e 8.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MiVoice Business Express)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a UDP-\u043f\u043e\u0440\u0442\u0443 10074.\n\n\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001\nhttps://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_22-0001-01-v2.pdf\nhttps://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_22-0001-02-v2.pdf",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.02.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.03.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-01246",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-26143",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Mitel MiCollab, MiVoice Business Express",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043d\u044b\u0445 \u043f\u043b\u0430\u0442 TP-240 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c \u0434\u043b\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u044b MiCollab \u0438 MiVoice Business Express, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 XML-\u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0447\u0438\u0442\u0430\u0442\u044c \u0438 \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043d\u044b\u0445 \u043f\u043b\u0430\u0442 TP-240 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c \u0434\u043b\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u044b MiCollab \u0438 MiVoice Business Express \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 XML-\u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0447\u0438\u0442\u0430\u0442\u044c \u0438 \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://safe-surf.ru/upload/VULN/VULN-20220313.11.pdf\nhttps://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001\nhttps://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_22-0001-01-v2.pdf\nhttps://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_22-0001-02-v2.pdf\nhttps://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,7)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,4)"
}

FKIE_CVE-2022-26143

Vulnerability from fkie_nvd - Published: 2022-03-10 17:47 - Updated: 2026-06-17 04:34

CISA KEVIntel

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/	Exploit, Press/Media Coverage, Third Party Advisory
cve@mitre.org	https://blog.cloudflare.com/cve-2022-26143/	Mitigation, Third Party Advisory
cve@mitre.org	https://news.ycombinator.com/item?id=30614073	Issue Tracking, Third Party Advisory
cve@mitre.org	https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/	Broken Link, Mitigation, Third Party Advisory
cve@mitre.org	https://www.akamai.com/blog/security/phone-home-ddos-attack-vector	Mitigation, Third Party Advisory
cve@mitre.org	https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001	Vendor Advisory
cve@mitre.org	https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/	Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/	Exploit, Press/Media Coverage, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://blog.cloudflare.com/cve-2022-26143/	Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://news.ycombinator.com/item?id=30614073	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/	Broken Link, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.akamai.com/blog/security/phone-home-ddos-attack-vector	Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/	Mitigation, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26143	US Government Resource

Impacted products

Vendor	Product	Version
mitel	micollab	*
mitel	micollab	9.4
mitel	micollab	9.4
mitel	mivoice_business_express	*

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "cisaActionDue": "2022-04-15",
  "cisaExploitAdd": "2022-03-25",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "MiCollab, MiVoice Business Express Access Control Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*",
              "matchCriteriaId": "0AF7E1EB-87E8-43B2-93BC-D3A978185D69",
              "versionEndExcluding": "9.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitel:micollab:9.4:-:*:*:*:-:*:*",
              "matchCriteriaId": "93172128-E88F-44FA-923A-E10F7716C6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitel:micollab:9.4:sp1:*:*:*:-:*:*",
              "matchCriteriaId": "251D31AE-6ED3-4F9F-B489-30586A7DD2A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mitel:mivoice_business_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B124E0-A4C8-4133-B144-7EB7AB6F1888",
              "versionEndIncluding": "8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack."
    },
    {
      "lang": "es",
      "value": "El componente TP-240 (tambi\u00e9n conocido como tp240dvr) en Mitel MiCollab versiones anteriores a 9.4 SP1 FP1 y MiVoice Business Express versiones hasta 8.1, permite a atacantes remotos obtener informaci\u00f3n confidencial y causar una denegaci\u00f3n de servicio (degradaci\u00f3n del rendimiento y tr\u00e1fico saliente excesivo). Esto fue explotado \"in the wild\" en febrero y marzo de 2022 para el ataque DDoS TP240PhoneHome"
    }
  ],
  "id": "CVE-2022-26143",
  "lastModified": "2026-06-17T04:34:46.337",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 8.5,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2022-26143",
          "options": [
            {
              "exploitation": "active"
            },
            {
              "automatable": "yes"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2025-01-29T16:38:19.825484Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2022-03-10T17:47:32.813",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Press/Media Coverage",
        "Third Party Advisory"
      ],
      "url": "https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://blog.cloudflare.com/cve-2022-26143/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://news.ycombinator.com/item?id=30614073"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://www.akamai.com/blog/security/phone-home-ddos-attack-vector"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Press/Media Coverage",
        "Third Party Advisory"
      ],
      "url": "https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://blog.cloudflare.com/cve-2022-26143/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://news.ycombinator.com/item?id=30614073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://www.akamai.com/blog/security/phone-home-ddos-attack-vector"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26143"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-XH7F-2C8G-37P4

Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2025-10-22 00:32

Details

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-26143"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-10T17:47:00Z",
    "severity": "CRITICAL"
  },
  "details": "The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.",
  "id": "GHSA-xh7f-2c8g-37p4",
  "modified": "2025-10-22T00:32:30Z",
  "published": "2022-03-11T00:02:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26143"
    },
    {
      "type": "WEB",
      "url": "https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion"
    },
    {
      "type": "WEB",
      "url": "https://blog.cloudflare.com/cve-2022-26143"
    },
    {
      "type": "WEB",
      "url": "https://news.ycombinator.com/item?id=30614073"
    },
    {
      "type": "WEB",
      "url": "https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143"
    },
    {
      "type": "WEB",
      "url": "https://www.akamai.com/blog/security/phone-home-ddos-attack-vector"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26143"
    },
    {
      "type": "WEB",
      "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-26143

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-26143

Aliases

CVE-2022-26143

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-26143",
    "description": "The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.",
    "id": "GSD-2022-26143"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-26143"
      ],
      "details": "The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.",
      "id": "GSD-2022-26143",
      "modified": "2023-12-13T01:19:39.547240Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2022-26143",
      "dateAdded": "2022-03-25",
      "dueDate": "2022-04-15",
      "product": "MiCollab, MiVoice Business Express",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.",
      "vendorProject": "Mitel",
      "vulnerabilityName": "MiCollab, MiVoice Business Express Access Control Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-26143",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001",
            "refsource": "MISC",
            "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001"
          },
          {
            "name": "https://www.akamai.com/blog/security/phone-home-ddos-attack-vector",
            "refsource": "MISC",
            "url": "https://www.akamai.com/blog/security/phone-home-ddos-attack-vector"
          },
          {
            "name": "https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/",
            "refsource": "MISC",
            "url": "https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/"
          },
          {
            "name": "https://news.ycombinator.com/item?id=30614073",
            "refsource": "MISC",
            "url": "https://news.ycombinator.com/item?id=30614073"
          },
          {
            "name": "https://blog.cloudflare.com/cve-2022-26143/",
            "refsource": "MISC",
            "url": "https://blog.cloudflare.com/cve-2022-26143/"
          },
          {
            "name": "https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/",
            "refsource": "MISC",
            "url": "https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/"
          },
          {
            "name": "https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/",
            "refsource": "MISC",
            "url": "https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mitel:micollab:9.4:sp1:*:*:*:-:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitel:micollab:9.4:-:*:*:*:-:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitel:mivoice_business_express:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-26143"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.akamai.com/blog/security/phone-home-ddos-attack-vector",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Third Party Advisory"
              ],
              "url": "https://www.akamai.com/blog/security/phone-home-ddos-attack-vector"
            },
            {
              "name": "https://blog.cloudflare.com/cve-2022-26143/",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Third Party Advisory"
              ],
              "url": "https://blog.cloudflare.com/cve-2022-26143/"
            },
            {
              "name": "https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Third Party Advisory"
              ],
              "url": "https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/"
            },
            {
              "name": "https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Third Party Advisory"
              ],
              "url": "https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/"
            },
            {
              "name": "https://news.ycombinator.com/item?id=30614073",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://news.ycombinator.com/item?id=30614073"
            },
            {
              "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001"
            },
            {
              "name": "https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Press/Media Coverage",
                "Third Party Advisory"
              ],
              "url": "https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 8.5,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-03-18T19:52Z",
      "publishedDate": "2022-03-10T17:47Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-26143 (GCVE-0-2022-26143)

CISA

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

KEVIntel

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Public Report Successful Exploitation Confidence: 70% Source: kevintel

Details

References

CERTFR-2022-AVI-173

Solution

Contournement provisoire

CERTFR-2022-AVI-173

Solution

Contournement provisoire

BDU:2022-01246

FKIE_CVE-2022-26143

GHSA-XH7F-2C8G-37P4

GSD-2022-26143

Tags

Sightings

Nomenclature