CVE-2022-26143: A Zero-Day vulnerability for launching UDP amplification DDoS attacks

A zero-day vulnerability called TP240PhoneHome has been discovered in the Mitel MiCollab business phone system (CVE-2022-26143). This vulnerability can be exploited to launch UDP amplification attacks, with an amplification factor of 220 billion percent. Cloudflare customers are protected against this attack. The vulnerability has been exploited since February 18, 2022, and Mitel has issued a high severity security advisory advising their customers to block exploitation attempts using a firewall until a software patch is made available. Cloudflare Magic Transit customers can use the Magic Firewall to block external traffic to the exposed Mitel UDP port 10074. The vulnerability was discovered in the Mitel MiCollab platform, which is used by critical infrastructure such as municipal governments, schools, and emergency services.