Description
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-26143
- https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion
- https://blog.cloudflare.com/cve-2022-26143
- https://news.ycombinator.com/item?id=30614073
- https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143
- https://www.akamai.com/blog/security/phone-home-ddos-attack-vector
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26143
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001
- https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector
Related vulnerabilities
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.
A vulnerability in the firmware of the TP-240 interface cards of the MiCollab and MiVoice Business Express collaboration platforms, related to errors in the processing of XML messages, that allows an attacker to read and modify the configuration of the vulnerable device or cause a denial of service