Mitel MiVoice <= 8.1 SP1 Information Disclosure and DoS (22-0001)

#%NASL_MIN_LEVEL 80900
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Inc.
#

include('compat.inc');

if (description)
{
  script_id(200312);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/12");

  script_cve_id("CVE-2022-26143");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/15");

  script_name(english:"Mitel MiVoice <= 8.1 SP1 Information Disclosure and DoS (22-0001)");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote web server is affected by an
information disclosure and denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its version number, the Mitel MiVoice software is R8.1 or prior. 
It is, therefore, affected by the following vulnerability:

  - A vulnerability has been identified in MiCollab and MiVoice Business Express that 
    may allow a malicious actor to gain unauthorized access to sensitive information and 
    services, cause performance degradations or a denial of service condition on the affected 
    system. If exploited with a denial of service attack, the impacted system may cause 
    significant outbound traffic impacting availability of other services. 
    This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS 
    attack. (CVE-2022-26143)

Note that Nessus has not tested for these issues but has instead relied only on the 
application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://blog.cloudflare.com/cve-2022-26143");
  # https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f392cc29");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Mitel MiVoice version 8.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-26143");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/03/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mitel:mivoice_connect");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mitel_mivoice_connect_win_installed.nbin");
  script_require_keys("installed_sw/Mitel MiVoice Connect Server");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'Mitel MiVoice Connect Server');

var constraints = [
  { 'max_version' : '8.1',  'fixed_display' : 'See vendor advisory' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_HOLE
);