Mitel

The Lorenz ransomware gang used a critical vulnerability in Mitel MiVoice VoIP appliances to breach enterprises, using their phone systems for initial access to their corporate networks.

Lorenz exploited CVE-2022-29499, a remote code execution vulnerability impacting the Mitel Service Appliance component of MiVoice Connect, to obtain a reverse shell, and subsequently used Chisel as a tunnelling tool to pivot into the environment.

These devices are used by organizations in critical sectors worldwide (including government agencies), with over 19,000 devices currently exposed to attacks over the Internet.

Mitel addressed the vulnerability by releasing security patches in early June 2022, after releasing a remediation script for affected MiVoice Connect versions in April. However, the threat actors recently exploited other security flaws impacting Mitel devices in record-breaking DDoS amplification attacks.

Source: https://www.bleepingcomputer.com/news/security/lorenz-ransomware-breaches-corporate-network-via-phone-systems/

"id": "MIT197291022",
"linkid": "mitel",
"type": "Vulnerability",
"date": "04/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"