CVE-2022-26143
CVE-2022-26143
In short
A vulnerability in Mitel's TP-240 component allows attackers to access sensitive information and disrupt service by generating excessive traffic. This flaw was actively exploited in 2022 for large-scale DDoS attacks.
Technical detail
The TP-240 component in affected Mitel MiCollab and MiVoice Business Express versions lacks proper authentication controls (CWE-306), allowing unauthenticated remote attackers to trigger excessive outbound traffic and information disclosure. The vulnerability was weaponized for the TP240PhoneHome botnet DDoS campaign in early 2022.
Summary generated and translated by AI from the official description.
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/https://blog.cloudflare.com/cve-2022-26143/https://news.ycombinator.com/item?id=30614073https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/https://www.akamai.com/blog/security/phone-home-ddos-attack-vectorhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26143https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/