Critical Vulnerability in NextGen HealthCare Mirth Connect
Summary
The critical vulnerability could lead to unauthenticated RCE
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
NextGen HealthCare has released a security update for a critical severity vulnerability in Mirth Connect. CVE-2023-43208 could allow an unauthenticated attacker to perform remote code execution (RCE) on an affected system.
Note: CVE-2023-43208 is a patch bypass of CVE-2023-37679 (CVSSv3 score: 9.8), a previous critical RCE vulnerability in Mirth Connect.
Exploitation of Mirth Connect servers
A proof-of-concept (PoC) has been publicly released for the exploitation of CVE-2023-43208.
Probable exploitation of web-facing Mirth Connect servers in the wild has been reported for February 2024, and the US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-43208 to the Known Exploited Vulnerabilities Catalog in May 2024.
Threat updates
| Date | Update |
|---|---|
| 21 May 2024 | CISA adds CVE-2023-43208 to Known Exploited Vulnerabilities Catalog. This Cyber Alert has been updated to reflect this information. |
| 4 Mar 2024 | Exploitation of web-facing Mirth Connect servers. Probable exploitation of web-facing Mirth Connect servers has been reported. |
| 17 Jan 2024 | Proof-of-concept released for exploitation of CVE-2023-43208. The cyber alert has been updated to reflect this change. |
Remediation advice
Affected organisations are encouraged to review the Mirth Connect 4.4.1 release notes and apply the relevant updates.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 21 May 2024 4:45 pm