Lucene search
K

Mitel MiCollab - Information Disclosure & Denial of Service

🗓️ 07 Jul 2026 16:50:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 14 Views

Mitel MiCollab vulnerability enables remote information disclosure and denial of service; update.

Related
Refs
Code
id: CVE-2022-26143

info:
  name: Mitel MiCollab - Information Disclosure & Denial of Service
  author: theamanrawat
  severity: critical
  description: |
    Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 contain a vulnerability in the TP-240 component caused by improper handling, letting remote attackers obtain sensitive information and cause denial of service, exploit requires remote access.
  impact: |
    Attackers can retrieve sensitive information and cause performance degradation or denial of service, including DDoS attacks.
  remediation: |
    Update to version 9.4 SP1 FP1 or later for MiCollab, and latest version for MiVoice Business Express.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-26143
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-26143
    epss-score: 0.87565
    epss-percentile: 0.99736
    cwe-id: CWE-306
    cpe: cpe:2.3:a:mitel:micollab:9.4:-:*:*:*:-:*:*
  metadata:
    verified: true
    shodan-query: html:"MiCollab End User Portal"
    max-request: 1
  tags: cve,cve2022,mitel,micollab,kev,passive,vkev

http:
  - raw:
      - |
        GET /ucs/micollab/version.json HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "\"version\":")'
          - 'compare_versions(version, "< 9.4.0")'
        condition: and

    extractors:
      - type: json
        name: version
        json:
          - '.version'
# digest: 4a0a0047304502210098e8607c03b3d2a16abddb7e8c62b285a34074428faa6763c8bd8db98845c06802204e5247fe7517c0d0fd731aa6b71d87429df5ad146ef02c364a7aad5ab6bfc8f5:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.4High risk
Vulners AI Score7.4
CVSS 29
CVSS 3.19.8
EPSS0.87565
SSVC
14