CVE-2022-26143

CRITICAL KEV NUCLEI

Mitel MiCollab - Information Disclosure & Denial of Service

Title source: nuclei
STIX 2.1

Exploitation Summary

CVE-2022-26143 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 25, 2022. A Nuclei detection template is also available.

Description

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.

Nuclei Templates (1)

Mitel MiCollab - Information Disclosure & Denial of Service
CRITICALVERIFIEDby theamanrawat
Shodan: html:"MiCollab End User Portal"

References (8)

Core 8
Core References
Mitigation, Third Party Advisory x_refsource_misc
https://www.akamai.com/blog/security/phone-home-ddos-attack-vector
Issue Tracking, Third Party Advisory x_refsource_misc
https://news.ycombinator.com/item?id=30614073
Mitigation, Third Party Advisory x_refsource_misc
https://blog.cloudflare.com/cve-2022-26143/
Broken Link, Mitigation, Third Party Advisory x_refsource_misc
https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/

Scores

CVSS v3 9.8
EPSS 0.8915
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2022-03-25
VulnCheck KEV 2022-03-08
InTheWild.io 2022-03-10
ENISA EUVD EUVD-2022-30710
CWE
CWE-306
Status published
Products (3)
mitel/micollab 9.4 (2 CPE variants)
mitel/micollab < 9.4
mitel/mivoice_business_express < 8.1
Published Mar 10, 2022
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026