Ddos vulnerability in Mitel systems could amplify packet 4 billion times

A vulnerability in two Mitel systems can result in a DDOs packet being magnified over four billion times. This allows attackers to launch an attack of up to fourteen hours via a single network packet. The vulnerability is already being exploited and there is an update.

The vulnerabilities are in Mitel’s MiCollab and MiVoice Business Express software packages, say researchers from Cloudflare, Akamai and Mitel, among others. These VoIP systems have internal testing functionality that can stress test the systems by sending a lot of status update traffic to facilitate debugging and performance testing.

However, this TP-240 driver functionality has been misconfigured in approximately 2600 systems, allowing third parties to use the functionality. Malicious persons can thus send a command to a vulnerable Mitel system that causes the VoIP system to send larger status update packets to a target. For example, they can cause a large amount of traffic to a ddos ​​target with a relatively small request payload.

The researchers talk about a packet amplification ratio of almost 4.3 billion : 1. According to Ars Technica, the previous record was memcached, with a packet amplification ratio of 51,000 : 1. The TP-240 vulnerability with a single node total could be almost Send 4.3 billion attack packets, with each packet being amplified to a maximum size of 1184 bytes. In theory, an attack can last about 14 hours at a sustained rate of 80,000 packets per second. During that time, a total of over 2.5TB of DDOs traffic would be targeted at the target. During a ddos ​​attack, the Mitel system cannot be used for a second attack.

Not all MiCollab and MiVoice Business Express systems are susceptible to the vulnerability; it would be 2600 of the tens of thousands sold. The systems have been purchased by governments and large companies, among others. The researchers believe the exploit was first used on February 18.

Criminals would have already included the vulnerability in DDOs services, so that the vulnerability can be used more widely. The largest attack seen to date involved approximately 53 million packets per second with 23Gbit/s of network traffic throughput. The average packet size for that attack was about 60 bytes and the attack lasted about five minutes. A controlled test by the researchers of this DDOs attack vector yielded more than 400 million packets per second of sustained DDOs traffic.

Financial and logistics companies, and providers have already been victims of these attacks. Mitel says it has released an update that can fix the problem and work with companies to prevent the systems from being exploited.