CVE-2022-26143

Name: CVE-2022-26143
Creator: NVD / NIST
Published: 2022-03-10T17:47:32.813+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10Actively ExploitedEPSS 87.56%

Last modified Jun 17, 2026

CVE-2022-26143 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.. CISA has confirmed active exploitation in the wild. EPSS estimates a 87.56% chance of exploitation in the next 30 days.

Description

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

87.56%

99.7th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Apr 15, 2022.

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Mitel	Micollab	< 9.4
Mitel	Micollab	9.4
Mitel	Mivoice Business Express	<= 8.1

References

https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/Exploit, Press/Media Coverage, Third Party Advisory
https://blog.cloudflare.com/cve-2022-26143/Mitigation, Third Party Advisory
https://news.ycombinator.com/item?id=30614073Issue Tracking, Third Party Advisory
https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/Broken Link, Mitigation, Third Party Advisory
https://www.akamai.com/blog/security/phone-home-ddos-attack-vectorMitigation, Third Party Advisory
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001Vendor Advisory
https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/Mitigation, Third Party Advisory
https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/Exploit, Press/Media Coverage, Third Party Advisory
https://blog.cloudflare.com/cve-2022-26143/Mitigation, Third Party Advisory
https://news.ycombinator.com/item?id=30614073Issue Tracking, Third Party Advisory
https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/Broken Link, Mitigation, Third Party Advisory
https://www.akamai.com/blog/security/phone-home-ddos-attack-vectorMitigation, Third Party Advisory
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001Vendor Advisory
https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/Mitigation, Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26143US Government Resource

Timeline

Published: Mar 10, 2022
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2022-26143?

How severe is CVE-2022-26143?

CVE-2022-26143 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 87.56% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2022-26143?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-26143?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST