| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
| CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector | 8 Mar 202214:00 | – | akamaiblog | |
| CVE-2022-26143 | 10 Mar 202200:00 | – | attackerkb | |
| CVE-2022-26487 | 6 Mar 202203:15 | – | attackerkb | |
| The vulnerability of the TP-240 interface board’s microprogramming software in MiCollab and MiVoice Business Express systems, related to errors in processing XML messages, allows attackers to read and modify the configuration of the vulnerable device or trigger a service failure. | 16 Mar 202200:00 | – | bdu_fstec | |
| CVE-2022-26143 | 9 Mar 202218:35 | – | circl | |
| MiCollab, MiVoice Business Express Access Control Vulnerability | 25 Mar 202200:00 | – | cisa_kev | |
| Mitel Networks MiCollab和Mitel Networks MiVoice Business Express 访问控制错误漏洞 | 10 Mar 202200:00 | – | cnnvd | |
| CVE-2022-26143 | 9 Mar 202215:32 | – | cve | |
| CVE-2022-26143 | 9 Mar 202215:32 | – | cvelist | |
| Mitel MiCollab <= 9.4 SP1 Information Disclosure and DoS (22-0001) | 11 Jun 202400:00 | – | nessus |
| Source | Link |
|---|---|
| nvd | www.nvd.nist.gov/vuln/detail/CVE-2022-26143 |
id: CVE-2022-26143
info:
name: Mitel MiCollab - Information Disclosure & Denial of Service
author: theamanrawat
severity: critical
description: |
Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 contain a vulnerability in the TP-240 component caused by improper handling, letting remote attackers obtain sensitive information and cause denial of service, exploit requires remote access.
impact: |
Attackers can retrieve sensitive information and cause performance degradation or denial of service, including DDoS attacks.
remediation: |
Update to version 9.4 SP1 FP1 or later for MiCollab, and latest version for MiVoice Business Express.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-26143
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-26143
epss-score: 0.87565
epss-percentile: 0.99736
cwe-id: CWE-306
cpe: cpe:2.3:a:mitel:micollab:9.4:-:*:*:*:-:*:*
metadata:
verified: true
shodan-query: html:"MiCollab End User Portal"
max-request: 1
tags: cve,cve2022,mitel,micollab,kev,passive,vkev
http:
- raw:
- |
GET /ucs/micollab/version.json HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "\"version\":")'
- 'compare_versions(version, "< 9.4.0")'
condition: and
extractors:
- type: json
name: version
json:
- '.version'
# digest: 4a0a0047304502210098e8607c03b3d2a16abddb7e8c62b285a34074428faa6763c8bd8db98845c06802204e5247fe7517c0d0fd731aa6b71d87429df5ad146ef02c364a7aad5ab6bfc8f5:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation