CVE-2023-43208:
Unauthenticated remote code execution vulnerability in NextGen Healthcare Mirth Connect prior to version 4.4.1, caused by an incomplete patch of CVE-2023-37679.
Score
CVSS v3 base score, a numerical rating of how dangerous this vulnerability is; the vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) is spelled out in the Exploitability and Impact fields below.
9.8 Critical
- Published Date:Oct 26, 2023
- CISA KEV Date:May 20, 2024
- Industries Affected:20
Threat Predictions
- EPSS Score:94.4% (estimated probability of exploitation activity in the next 30 days)
- EPSS Percentile:100% (rounded; near the top of all scored CVEs)
Exploitability
- Score:3.9
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:NONE
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Overview
NextGen Healthcare Mirth Connect versions prior to 4.4.1 are vulnerable to unauthenticated remote code execution. Version 4.4.0 shipped a fix for CVE-2023-37679 that was incomplete: the root cause is deserialization of untrusted data, because the administrator REST API unmarshals XML request bodies with XStream, and the 4.4.0 change did not fully close that path. An attacker who can reach the API port (TCP 8443 by default) can send a crafted request and execute arbitrary OS commands in the context of the Mirth Connect service without credentials, which is why the CVE is classified as both OS command injection and deserialization of untrusted data and why confidentiality, integrity, and availability are all rated high. Exploitation needs no user interaction and is readily automated; a public exploit exists (see References), and CISA added the CVE to its Known Exploited Vulnerabilities catalog on May 20, 2024.
Remediation
- Upgrade Mirth Connect to version 4.4.1 or later, which contains the complete fix. Version 4.4.0 carries only the incomplete fix for CVE-2023-37679 and remains vulnerable.
- If upgrading is not immediately possible, limit who can reach the administrator API (TCP 8443 by default): place the server behind a VPN or restrict that port to trusted administrator hosts with firewall rules, and never expose it to the Internet. Channel listener ports that must face partners should be exposed separately from the administrator port.
- Authentication does not mitigate this flaw, since the vulnerable request handling runs before login. Still enforce strong credentials, run the service under a least-privilege account, and if exploitation is suspected rotate the Mirth Connect credentials and any database or partner secrets stored in channel configurations, because an attacker with code execution can read them.
- Monitor for exploitation attempts: alert on POST requests to /api/ endpoints carrying XML bodies from unexpected source addresses, and on the Mirth Connect Java process spawning a shell or command interpreter (sh, bash, cmd.exe, powershell.exe); deploy IDS/IPS signatures for the public exploit where your vendor provides them.
- Validate the upgrade in a staging environment, run regression tests on your channels, and after deployment confirm that the running version reported by the server (for example in the Administrator client or through the REST API's server version endpoint) is 4.4.1 or later.
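The version check, the access-log filter and the process-spawn detection from the steps above, scripted. This is an added example, not Armis or NextGen Healthcare code: it compares a reported Mirth Connect version against 4.4.1, scans access-log lines for XML POSTs to the administrator API from outside a trusted network, and flags the Mirth Connect Java process starting a shell. The log format, the trusted network range, the install paths and every event record are constructed assumptions; adapt the regex and paths to your own logging.

```python
"""Post-remediation checks for CVE-2023-43208 (Mirth Connect < 4.4.1).

Added example, not vendor code. All log lines and events below are
constructed sample data, not real captures.
"""
import re
from ipaddress import ip_address, ip_network

# First release containing the complete fix (from the advisory text).
FIXED_VERSION = (4, 4, 1)


def parse_version(text):
    """'4.4.0' -> (4, 4, 0); tolerates suffixes such as '4.4.1-SNAPSHOT'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def version_is_fixed(reported):
    """True when the reported version is 4.4.1 or later."""
    return parse_version(reported) >= FIXED_VERSION


# Constructed access log: combined-log style with a trailing Content-Type
# field. Assumption: your Jetty/Mirth access log format will differ.
ACCESS_LOG = """\
203.0.113.7 - - [18/Mar/2024:10:14:02 +0000] "POST /api/users HTTP/1.1" 500 0 "application/xml"
10.0.5.21 - - [18/Mar/2024:10:15:11 +0000] "GET /api/server/version HTTP/1.1" 200 5 "-"
198.51.100.9 - - [18/Mar/2024:10:16:43 +0000] "POST /api/channels HTTP/1.1" 200 17 "application/xml"
10.0.5.21 - - [18/Mar/2024:10:17:00 +0000] "POST /api/users/_login HTTP/1.1" 200 40 "application/x-www-form-urlencoded"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "(?P<ctype>[^"]*)"$'
)

# Assumption: administrator hosts live in this range.
TRUSTED_NETS = [ip_network("10.0.5.0/24")]


def suspicious_api_requests(log_text, trusted=TRUSTED_NETS):
    """XML POSTs to /api/ from outside the trusted networks -> (ip, path, status)."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; in production, count these
        src = ip_address(m["ip"])
        if any(src in net for net in trusted):
            continue
        if (m["method"] == "POST" and m["path"].startswith("/api/")
                and "xml" in m["ctype"].lower()):
            hits.append((m["ip"], m["path"], int(m["status"])))
    return hits


# Constructed process-creation events (the fields a Sysmon Event ID 1 or
# auditd execve record would give you, reduced to what the check needs).
PROC_EVENTS = [
    {"parent_image": "/opt/mirthconnect/jre/bin/java", "image": "/bin/sh",
     "cmdline": "sh -c id"},
    {"parent_image": "/opt/mirthconnect/jre/bin/java", "image": "/usr/bin/keytool",
     "cmdline": "keytool -list"},
    {"parent_image": "C:\\Program Files\\Mirth Connect\\jre\\bin\\java.exe",
     "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c whoami"},
    {"parent_image": "/usr/bin/bash", "image": "/bin/sh", "cmdline": "sh -c ls"},
]

# Assumption: install directories of the Mirth Connect service on each OS.
MIRTH_DIRS = ("/opt/mirthconnect", "mirth connect")
SHELLS = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe", "pwsh.exe"}


def basename(path):
    return re.split(r"[\\/]", path)[-1].lower()


def shell_spawned_by_mirth(events):
    """Command lines of shells whose parent is the Mirth Connect Java process."""
    out = []
    for e in events:
        parent = e["parent_image"].lower()
        if (any(d in parent for d in MIRTH_DIRS)
                and basename(e["parent_image"]) in ("java", "java.exe")
                and basename(e["image"]) in SHELLS):
            out.append(e["cmdline"])
    return out


if __name__ == "__main__":
    print("4.4.0 fixed?", version_is_fixed("4.4.0"))
    print("suspicious API requests:", suspicious_api_requests(ACCESS_LOG))
    print("shells spawned by Mirth:", shell_spawned_by_mirth(PROC_EVENTS))
```

The process check is the higher-fidelity signal: a healthcare interface engine rarely has a legitimate reason to start cmd.exe or sh, whereas XML POSTs to /api/ are normal administrator traffic, so the request filter only earns its keep once the trusted-network list is accurate.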
References
- [CVE-2023-43208 - MITRE CVE Database](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43208)
- [Horizon3 AI: NextGen Mirth Connect Remote Code Execution vulnerability (CVE-2023-43208)](https://www.horizon3.ai/nextgen-mirth-connect-remote-code-execution-vulnerability-cve-2023-43208/)
- [PacketStorm Security: Mirth Connect 4.4.0 Remote Command Execution](http://packetstormsecurity.com/files/176920/Mirth-Connect-4.4.0-Remote-Command-Execution.html)
- [CISA KEV - Known Exploited Vulnerabilities JSON feed](https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json)
Armis Early Warning
Armis Early Warning provides proactive threat intelligence and early detection capabilities.
- Armis Alert Date:Mar 18, 2024
- CISA KEV Date:May 20, 2024
- Days Early:207 Days
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.