Vulnerability Details : CVE-2022-26143

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.
Vulnerability category: Denial of service
Published 2022-03-10 17:47:33
Updated 2022-03-18 19:52:04
Source MITRE
View at NVD,
CVE-2022-26143 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
MiCollab, MiVoice Business Express Access Control Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.
Added on 2022-03-25 Action due date 2022-04-15

Exploit prediction scoring system (EPSS) score for CVE-2022-26143

Probability of exploitation activity in the next 30 days: 3.96%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-26143

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source
[email protected]
[email protected]

CWE ids for CVE-2022-26143

  • The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
    Assigned by: [email protected] (Primary)

References for CVE-2022-26143

Products affected by CVE-2022-26143

This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to terms of use!