Unauthenticated Remote Code Execution Vulnerability Affects NextGen Healthcare Mirth Connect Before Version 4.4.1

CVE-2023-43208

9.8 CRITICAL

Key Information

Vendor
Nextgen
Status
Mirth Connect
Vendor
CVE Published: 26 October 2023

Badges

👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 97% | 🦅 CISA Reported | 📰 News Worthy

Summary

CVE-2023-43208 is an unauthenticated remote code execution vulnerability that affects NextGen Healthcare Mirth Connect before version 4.4.1. The vulnerability stems from an incomplete patch of a previous vulnerability, making it a patch bypass issue. The underlying flaw is the insecure use of the Java XStream library for unmarshalling XML payloads. This vulnerability is concerning due to the ease of exploitation, potentially leading to the compromise of sensitive healthcare data. A PoC script for exploiting this vulnerability has been made available, and organizations using Mirth Connect are strongly advised to update to version 4.4.1 to mitigate the risks associated with this critical vulnerability.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2023-43208 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

HHS pledges $50M for autonomous vulnerability management solution for hospitals - Help Net Security

ARPA-H's UPGRADE program aimed at developing an autonomous vulnerability management solution for healthcare IT teams.

7 months ago

RCE in Mirth Connect - pt. II. (CVE-2023-43208) - vsociety

CVE-2023-43208 is a serious security bug in NextGen Mirth Connect, a tool used by hospitals and clinics to share patient data. This bug lets...

7 months ago

NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent Warning

CISA has flagged a critical security flaw in NextGen Healthcare Mirth Connect, linked to remote code execution.

7 months ago

EPSS Score

97% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🦅 CISA Reported

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📰 First article discovered by SecurityWeek

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database | Mitre Database | CISA Database | 1 Proof of Concept(s) | 12 News Article(s)