Headline
Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data
Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as CVE-2023-43208, the vulnerability has been addressed in version 4.4.1 released on October 6, 2023. "This is an easily exploitable, unauthenticated remote code
Vulnerability / Network Security
Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability.
Tracked as CVE-2023-43208, the vulnerability has been addressed in version 4.4.1 released on October 6, 2023.
“This is an easily exploitable, unauthenticated remote code execution vulnerability,” Horizon3.ai’s Naveen Sunkavally said in a Wednesday report. “Attackers would most likely exploit this vulnerability for initial access or to compromise sensitive healthcare data.”
Called the “Swiss Army knife of healthcare integration,” Mirth Connect is a cross-platform interface engine used in the healthcare industry to communicate and exchange data between disparate systems in a standardized manner.
Additional technical details about the flaw have been withheld in light of the fact that Mirth Connect versions going as far back as 2015/2016 have been found to be vulnerable to the issue.
It’s worth noting that CVE-2023-43208 is a patch bypass for CVE-2023-37679 (CVSS score: 9.8), a critical remote command execution (RCE) vulnerability in the software that allows attackers to execute arbitrary commands on the hosting server.
While CVE-2023-37679 was described by its maintainers as only affecting servers running Java 8, Horizon3.ai’s analysis found that all instances of Mirth Connect, regardless of the Java version, were susceptible to the problem.
Given the ease with which the vulnerability can be trivially abused, coupled with the fact that the exploitation methods are well known, it’s recommended to update Mirth Connect, particularly that are publicly accessible over the internet, to version 4.4.1 as soon as possible to mitigate potential threats.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Related news
A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and assigned CVE-2023-37679. Later, researchers from Horizon3.ai determined the patch to be incomplete and published a gadget chain which bypassed the deny list that the original had implemented. This second vulnerability was assigned CVE-2023-43208 and was patched in Mirth Connect version 4.4.1. This Metasploit module has been tested on versions 4.1.1, 4.3.0 and 4.4.0.
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. This is a bypass of the patch put in for CVE-2023-37679.
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.