CVE-2022-26143
MiCollab, MiVoice Business Express Access Control Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: Yes
Decision
Descriptions
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.
A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-02-26 CVE Reserved
- 2022-03-09 CVE Published
- 2022-03-25 Exploited in Wild
- 2022-04-15 KEV Due Date
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-10-13 EPSS Updated
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (7)
URL | Date | SRC |
---|---|---|
https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion | 2024-08-03 |
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001 | 2023-08-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Mitel | Micollab | < 9.4 | - | Affected |
Mitel | Micollab | 9.4 | - | Affected |
Mitel | Micollab | 9.4 | sp1 | Affected |
Mitel | Mivoice Business Express | <= 8.1 | - | Affected |