Описание
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.
Ссылки
- ExploitPress/Media CoverageThird Party Advisory
- MitigationThird Party Advisory
- Issue TrackingThird Party Advisory
- Broken LinkMitigationThird Party Advisory
- MitigationThird Party Advisory
- Vendor Advisory
- MitigationThird Party Advisory
- ExploitPress/Media CoverageThird Party Advisory
- MitigationThird Party Advisory
- Issue TrackingThird Party Advisory
- Broken LinkMitigationThird Party Advisory
- MitigationThird Party Advisory
- Vendor Advisory
- MitigationThird Party Advisory
- US Government Resource
Уязвимые конфигурации
Одно из
EPSS
9.8 Critical
CVSS3
9 Critical
CVSS2
Дефекты
Связанные уязвимости
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.
Уязвимость микропрограммного обеспечения интерфейсных плат TP-240 платформ для совместной работы MiCollab и MiVoice Business Express, связанная с ошибками при обработке XML-сообщений, позволяющая нарушителю читать и изменять конфигурацию уязвимого устройства или вызвать отказ в обслуживании
EPSS
9.8 Critical
CVSS3
9 Critical
CVSS2