CVE-2022-26143

Description from NVD

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.

Information Acquisition Date:2022-03-31T16:40Z

CVSS 2.0: 9.0 HIGH CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:P/I:P/A:C

Attack Vector (AV)	Network	Adjacent	Local
Access Complexity (AC)	Low	Medium	High
Authentication (Au)	None	Single	Multiple
Confidentiality (C)	None	Parical	Complete
Integrity (I)	None	Partial	Complete
Availability (A)	None	Partial	Complete

NVD References

https://www.akamai.com/blog/security/phone-home-ddos-attack-vector
source:MISC
tags:Mitigation Third Party Advisory

https://blog.cloudflare.com/cve-2022-26143/
source:MISC
tags:Mitigation Third Party Advisory

https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/
source:MISC
tags:Mitigation Third Party Advisory

https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/
source:MISC
tags:Mitigation Third Party Advisory

https://news.ycombinator.com/item?id=30614073
source:MISC
tags:Issue Tracking Third Party Advisory

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001
source:MISC
tags:Vendor Advisory

https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/
source:MISC
tags:Exploit Press/Media Coverage Third Party Advisory

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

Software Tag:

List of frequently cited URLs

URL	Num of Times Referred to
http://patrowl.io	315
http://cyberiqs.com/latestnews	49
https://cvetrends.com	48
https://team-cymru.com/blog/2022/03/08/record-breaking-ddos...	7
https://blog.cloudflare.com/cve-2022-26143	4
https://twitter.com/campuscodi/status/1501226662867914754	3
https://www.akamai.com/blog/security/phone-home-ddos-attack...	3
https://www.shadowserver.org/news/cve-2022-26143-tp240phone...	3

Information from Twitter

User	URL	Info Source	Date
Brandefense	https://twitter.com/Brandefense/status/1640632317474381825/...	Source Brandefense 1640632317474381825	2023/03/28

List of frequently cited URLs

URL	Num of Times Referred to
patrowl.io	315
cyberiqs.com	49
cvetrends.com	48
team-cymru.com	7
blog.cloudflare.com	4
twitter.com	3
www.akamai.com	3
www.shadowserver.org	3

Information from Twitter

User	URL	Info Source
Brandefense	twitter.com	Show Tweet

GitHub Search Results: Up to 10

Name	URL
No Data

GitHub Search Results: Up to 10

Name	URL
No Data

2023/03/28 Score : 0
Added Har-sia Database : 2022/03/09
Last Modified : 2023/03/28
Highest Scored Date : 2022/03/09
Highest Score : 70