PT-2022-1816 · Mitel · Mitel MiCollab +1

Published 2022-02-22 · Updated 2025-10-28 · CVE-2022-26143

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Mitel MiCollab versions prior to 9.4 SP1 FP1
MiVoice Business Express versions prior to 8.1

Description

The issue allows remote attackers to obtain sensitive information and cause a denial of service, resulting in performance degradation and excessive outbound traffic. This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack. The vulnerability is related to errors in processing XML messages in the TP-240 component. Approximately 2000 devices are estimated to be vulnerable, which can be used for DDoS attacks with a significant amplification ratio. The attack can be initiated with a single UDP packet.

Recommendations

For Mitel MiCollab versions prior to 9.4 SP1 FP1, update to version 9.4 SP1 FP1 or later to resolve the issue. For MiVoice Business Express versions prior to 8.1, update to version 8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable tp240dvr service and disabling UDP port 10074 to minimize the risk of exploitation.
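
A check for the workaround and the outbound-traffic symptom described above, as an added example that is not part of the original advisory or any Mitel tooling: it scans flow records for UDP port 10074 being reachable from outside the network and for outbound volume from that port far exceeding inbound. The flow tuple layout, the 10.0.0.0/8 internal range, the 10x threshold and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

TP240_PORT = 10074        # UDP port named in the advisory
RATIO_THRESHOLD = 10.0    # assumed alert threshold (bytes out / bytes in), tune locally
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed site addressing

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "10.0.5.20", 10074, "udp", 120),
    ("10.0.5.20", 10074, "203.0.113.9", 80, "udp", 480000),
    ("10.0.9.4", 5000, "10.0.5.21", 10074, "udp", 250),    # internal only
    ("10.0.5.21", 10074, "10.0.9.4", 5000, "udp", 300),    # internal only
    ("10.0.5.22", 10074, "192.0.2.44", 443, "tcp", 9000),  # not UDP
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def audit_tp240(flows, ratio=RATIO_THRESHOLD):
    """Return {internal_host: [findings]} for UDP/10074 traffic crossing the perimeter."""
    inbound = defaultdict(int)   # bytes from outside to host:10074
    outbound = defaultdict(int)  # bytes from host:10074 to outside
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto.lower() != "udp":
            continue
        if dport == TP240_PORT and is_internal(dst) and not is_internal(src):
            inbound[dst] += nbytes
        elif sport == TP240_PORT and is_internal(src) and not is_internal(dst):
            outbound[src] += nbytes
    findings = {}
    for host in set(inbound) | set(outbound):
        tags = []
        if inbound[host]:
            tags.append("exposed")      # port reachable from outside: workaround not in place
        # Inbound may be absent from the capture, so compare against at least 1 byte.
        if outbound[host] and outbound[host] >= ratio * max(inbound[host], 1):
            tags.append("amplifying")   # outbound volume far exceeds inbound
        if tags:
            findings[host] = tags
    return findings

if __name__ == "__main__":
    for host, tags in sorted(audit_tp240(SAMPLE_FLOWS).items()):
        print(host, ",".join(tags))
```
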

Exploit

Fix

DoS

Missing Authentication

RCE

Weakness Enumeration

Related Identifiers

BDU:2022-01246
CVE-2022-26143

Affected Products

MiVoice Business Express
Mitel MiCollab