IRONSMITHINTEL
CRITICALCVSS9.8
|
Actively Exploited
|CISA KEV|CVE-2022-26143|Auth: none — unauthenticated|Reboot: required|Manual only

MiCollab, MiVoice Business Express Access Control Vulnerability

A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.

Published Mar 10, 2022 · Updated May 16, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

A remote attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2022-04-15 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Missing Authentication for Critical Function (CWE-306) vulnerability in Mitel MiCollab, MiVoice Business Express. The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack. Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.

📧

Phishing link

🖼

Malicious file

🔓

Server compromised

Am I affected?Quick check

Probably yes if any of these apply:

IT Security
Running micollab: v < 9.4, 9.4; mivoice business express: v ≤ 8.1
Real-world incidentsWhat we've seen

Active exploitation documented in the wild. Threat-research write-up: https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/

How to patch

Manual remediation steps

Apply the Vendor Patch

This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.

CISA required action: Apply updates per vendor instructions.

References

    1
    Vendor advisory: https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001
    1
    NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2022-26143
    1
    CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26143
PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

CVE-2022-26143NVDVendor Advisory