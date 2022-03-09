Security researchers from Akamai, Cloudflare, Lumen Black Lotus Labs, Mitel, Netscout, Team Cymru, Telus, and The Shadowserver Foundation have disclosed a Distributed Denial of Service (DDoS) amplification vector with a record amplification ratio: more than 4 billion to 1, and an attack can be launched with a single packet. The underlying vulnerability has been assigned CVE-2022-26143.





The flaw lies in roughly 2,600 Mitel MiCollab and MiVoice Business Express systems that are incorrectly provisioned: they act as PBX-to-Internet gateways and expose a test facility that should never be reachable from the Internet. On its blog, the Shadowserver Foundation explains that the test installation "can be used to launch a DDoS attack for up to 14 hours of duration through a single packet, resulting in a record-setting packet amplification ratio of 4,294,967,296:1".

Single-packet launch hampers attribution

The researchers further explained that "it should be noted that this single-packet attack initiation capability has the effect of preventing network operators from tracking who initiated the spoofed attacks. This helps to mask the attack traffic generation infrastructure, making it less likely that the origin of the attack can be traced."

A driver on the affected Mitel systems exposes a command that can, in theory, emit 4,294,967,294 packets over about 14 hours, each up to 1,184 bytes long. Taken at face value, that is roughly 5 TB of traffic from a single reflector in response to one trigger packet, sustained at on the order of 85,000 packets per second (about 800 Mbps) for the full 14 hours.

Besides applying the updates, operators of Mitel systems can detect and block unsolicited inbound traffic to UDP port 10074 with standard network defenses such as firewall or ACL rules. Organisations on the receiving end of an attack should rely on dedicated DDoS mitigation, since the reflected traffic arrives from the abused PBXs themselves, not from the attacker.
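The two checks above (operator side: is my PBX reachable on UDP/10074 from the Internet; victim side: am I receiving reflected traffic from port 10074) can both be run over ordinary flow records. The following is an added example, not code from Mitel or from the researchers; the NetFlow-style record format, the IP addresses, the internal address range and the packet threshold are all constructed for illustration. Only the port number 10074 comes from the advisories.

```python
"""Flow-record checks for UDP/10074 exposure and reflection traffic.

Added example, not Mitel's or any researcher's code. The flow format,
addresses and thresholds below are constructed for illustration.
"""
import ipaddress
from collections import defaultdict

TP240_PORT = 10074  # UDP port of the abused test facility (from the advisories)

# Constructed NetFlow-style records: ts,src_ip,src_port,dst_ip,dst_port,proto,packets,bytes
SAMPLE_FLOWS = """\
2022-02-18T12:00:01,203.0.113.7,40000,198.51.100.10,10074,udp,1,60
2022-02-18T12:00:01,203.0.113.7,40001,198.51.100.10,10074,udp,1,60
2022-02-18T12:00:02,10.0.0.5,51000,198.51.100.10,10074,udp,3,180
2022-02-18T12:00:03,198.51.100.10,10074,192.0.2.55,443,udp,5000,5920000
2022-02-18T12:00:03,198.51.100.11,10074,192.0.2.55,443,udp,4200,4972800
2022-02-18T12:00:04,192.0.2.9,55555,192.0.2.55,443,tcp,10,1200
"""

# Assumed address space of the PBX operator's own network (hypothetical).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_flows(text):
    """Parse CSV flow lines into dicts; blank and '#' lines are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, sip, sport, dip, dport, proto, pkts, byts = line.split(",")
        flows.append({
            "ts": ts, "src_ip": sip, "src_port": int(sport),
            "dst_ip": dip, "dst_port": int(dport), "proto": proto.lower(),
            "packets": int(pkts), "bytes": int(byts),
        })
    return flows


def _is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_exposed_reflectors(flows):
    """Operator-side check: hosts receiving UDP/10074 from outside our own nets.

    Any such flow means the test facility is reachable from the Internet (or is
    already being triggered; in a real attack the 'source' is the spoofed
    victim). Returns {pbx_ip: {external source ips}}.
    """
    exposed = defaultdict(set)
    for f in flows:
        if (f["proto"] == "udp" and f["dst_port"] == TP240_PORT
                and not _is_internal(f["src_ip"])):
            exposed[f["dst_ip"]].add(f["src_ip"])
    return dict(exposed)


def find_reflection_victims(flows, min_packets=1000):
    """Victim-side check: aggregate UDP traffic whose *source* port is 10074.

    Reflected traffic leaves the PBX from its own service port, so a large
    packet count from src port 10074 towards one destination is the signature.
    Returns {victim_ip: {"packets", "bytes", "reflectors"}} above the threshold.
    """
    agg = defaultdict(lambda: {"packets": 0, "bytes": 0, "reflectors": set()})
    for f in flows:
        if f["proto"] == "udp" and f["src_port"] == TP240_PORT:
            a = agg[f["dst_ip"]]
            a["packets"] += f["packets"]
            a["bytes"] += f["bytes"]
            a["reflectors"].add(f["src_ip"])
    return {ip: a for ip, a in agg.items() if a["packets"] >= min_packets}


def amplification_ratio(response_packets, request_packets=1):
    """Packet amplification factor: response packets per triggering request."""
    if request_packets <= 0:
        raise ValueError("request_packets must be positive")
    return response_packets / request_packets


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("Exposed reflectors:", find_exposed_reflectors(flows))
    for ip, a in find_reflection_victims(flows).items():
        print(f"{ip}: {a['packets']} pkts, {a['bytes']} bytes "
              f"from {len(a['reflectors'])} reflectors")
    # Worst case stated in the advisories: 4,294,967,294 packets per trigger packet.
    print("Advisory worst-case ratio:", amplification_ratio(4_294_967_294))
```

On the PBX side, a hit from `find_exposed_reflectors` is the cue to patch and to add a filter such as an nftables rule dropping UDP/10074 from anything outside the internal range (for the assumed 10.0.0.0/8 above: `udp dport 10074 ip saddr != 10.0.0.0/8 drop`). On the victim side the reflector list is useful for notifying the PBX operators, but the attacker's own address never appears in the flows, which is the attribution problem the researchers describe.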

Mitel has released software updates that disable public access to the test feature; the vendor describes the issue as an access control vulnerability that could also be exploited to obtain sensitive information.

The first attacks exploiting the issue were observed on February 18 and targeted financial institutions, logistics companies and the gaming industry.

Via | ZDnet