CVE-2022-26143: A Zero-Day vulnerability for launching UDP amplification DDoS attacks

What's this blog post about?

A zero-day vulnerability named TP240PhoneHome (CVE-2022-26143) has been discovered in the Mitel MiCollab business phone system. It can be exploited to launch UDP amplification DDoS attacks with an amplification factor of 220 billion percent. The vulnerability has been exploited since February 18, 2022, and Mitel has issued a high-severity security advisory telling its customers to block exploitation attempts with a firewall until a software patch is made available. Cloudflare customers are protected against this attack, and Cloudflare Magic Transit customers can use the Magic Firewall to block external traffic to the exposed Mitel UDP port 10074. The Mitel MiCollab platform is used by critical infrastructure such as municipal governments, schools, and emergency services.

Company
Cloudflare

Date published
March 8, 2022

Author(s)
Omer Yoachimik, Alex Forster

Word count
969

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.