Mitel MiCollab <= 9.4 SP1 Information Disclosure and DoS (22-0001)

#%NASL_MIN_LEVEL 80900
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Inc.
#

include('compat.inc');

if (description)
{
  script_id(200313);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/12");

  script_cve_id("CVE-2022-26143");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/15");

  script_name(english:"Mitel MiCollab <= 9.4 SP1 Information Disclosure and DoS (22-0001)");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote web server is affected by an
information disclosure and denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its version number, the Mitel MiCollab software is 9.4 SP1 (9.4.107) or prior. 
It is, therefore, affected by the following vulnerability:

  - A vulnerability has been identified in MiCollab and MiVoice Business Express that 
    may allow a malicious actor to gain unauthorized access to sensitive information and 
    services, cause performance degradations or a denial of service condition on the affected 
    system. If exploited with a denial of service attack, the impacted system may cause 
    significant outbound traffic impacting availability of other services. 
    This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS 
    attack. (CVE-2022-26143)

Note that Nessus has not tested for these issues but has instead relied only on the 
application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://blog.cloudflare.com/cve-2022-26143");
  # https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f392cc29");
  # https://www.mitel.com/document-center/applications/collaboration/micollab/micollab-client/all-releases/en/micollab-client-release-notes
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f9bfbda1");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Mitel MiCollab version 9.4 SP1 FP1 (9.4.109) or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-26143");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/03/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/11");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mitel:micollab");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mitel_micollab_detect.nasl");
  script_require_keys("installed_sw/Mitel MiCollab");
  script_require_ports("Services/www", 443);

  exit(0);
}

include('vcf.inc');
include('http.inc');

var port = get_http_port(default:443);

var app_info = vcf::get_app_info(app:'Mitel MiCollab', port:port, webapp:TRUE);

var constraints = [
  { 'max_version' : '9.4.107', 'fixed_version' : '9.4.109', 'fixed_display' : '9.4 SP1 FP1 (9.4.109)' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_HOLE
);