Remote Command Execution Vulnerability in NextGen Mirth Connect
CVE-2023-37679

9.8CRITICAL

Key Information:

Vendor: Nextgen
Status: Mirth Connect
Vendor: CVE Published:; 3 August 2023

What is CVE-2023-37679?

A significant remote command execution vulnerability exists in NextGen Mirth Connect version 4.3.0, which allows attackers to execute arbitrary commands on the server hosting the application. This flaw can be exploited remotely, targeting systems that utilize this integration engine for handling health information. Security updates must be applied promptly to mitigate potential impacts from unauthorized command executions that may lead to data breaches or system compromise.

References

http://mirth.com

http://nextgen.com

https://www.ihteam.net/advisory/mirth-connect

EPSS Score

93% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 3, 2023
Vulnerability Reserved
Jul 10, 2023

Nextgen

What is CVE-2023-37679?

References

EPSS Score

CVSS V3.1

Timeline