CISA: vulnerability in the Mirth Connect system actively leads to leakage of medical data

US federal agencies are required to update the software to the latest version by June 10.

The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday, May 20, included a vulnerability affecting Mirth Connect from NextGen Healthcare in its catalog of known exploited vulnerabilities (KEV).

The vulnerability, identified as CVE-2023-43208, is related to remote code execution without authentication and resulted from an incomplete fix for another critical vulnerability, CVE-2023-37679, which has a CVSS rating of 9.8.

Mirth Connect is an open source data integration platform widely used in American healthcare to share data between different systems.

Information about this vulnerability was first published by Horizon3.ai researchers at the end of October 2023, and additional technical details along with a PoC exploit were published in January 2024.

Security researcher Naveen Sunkavally said that CVE-2023-43208 stems from the unsafe use of the Java XStream library for processing XML data, which makes the vulnerability easy to exploit.

CISA did not provide information on the nature of the attacks using this vulnerability, and it is unclear who began exploiting it and when.
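Since the article names the root cause as unsafe XStream deserialization, the following is an added illustration (not Mirth Connect's code, and not the researchers') of the configuration a defender wants on any XStream endpoint that parses externally supplied XML: start from a deny-all permission and explicitly allowlist the few types the message actually needs, so that any other class named in the input is refused before it is instantiated. The `PatientRecord` type, the `patient` alias and the sample XML are constructed for this example.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

import java.util.ArrayList;
import java.util.List;

public class XStreamAllowlistDemo {

    // Hypothetical message type an integration endpoint expects to receive.
    public static class PatientRecord {
        public String mrn;
        public String lastName;
        public List<String> allergies = new ArrayList<>();
    }

    // Hardened parser: deny every type, then allow only what this endpoint needs.
    // A bare `new XStream()` on versions before 1.4.18 accepted any class named in
    // the XML; from 1.4.18 on an explicit allowlist like this is required anyway.
    static XStream allowlistedXStream() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);              // deny-all baseline
        xs.addPermission(NullPermission.NULL);                // permit null values
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES); // permit int, boolean, ...
        xs.allowTypes(new Class[] { String.class, ArrayList.class, PatientRecord.class });
        xs.alias("patient", PatientRecord.class);
        return xs;
    }

    // Returns the parsed record, or null when XStream refused a type or the
    // document did not decode to the expected type.
    static PatientRecord parse(XStream xs, String xml) {
        try {
            Object o = xs.fromXML(xml);
            return (o instanceof PatientRecord) ? (PatientRecord) o : null;
        } catch (ForbiddenClassException e) {
            // Log and drop: the input named a class outside the allowlist.
            System.err.println("rejected type: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        XStream xs = allowlistedXStream();

        // Constructed benign message matching the allowlisted shape.
        String benign = "<patient><mrn>000-TEST</mrn><lastName>Doe</lastName>"
                      + "<allergies><string>penicillin</string></allergies></patient>";
        PatientRecord r = parse(xs, benign);
        System.out.println("parsed: " + r.mrn + " " + r.lastName + " " + r.allergies);

        // Constructed message naming a class that is not on the allowlist.
        // The class itself is harmless; the point is that the parser refuses it
        // before any object is created.
        String unexpected = "<java.util.HashMap/>";
        System.out.println("unexpected type accepted? " + (parse(xs, unexpected) != null));
    }
}
```

Keeping the allowlist to concrete classes rather than wildcards (`allowTypesByWildcard`) is the safer choice; every additional permitted type is another candidate for a deserialization gadget, so each one should be justified by the message schema.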

In addition to the vulnerability in Mirth Connect, the agency also added to the KEV catalog a recent Type Confusion vulnerability affecting the Google Chrome browser (CVE-2024-4947), which the company recognized as being exploited in real attacks.

US federal agencies are required to update the software to a patched version: Mirth Connect version 4.4.1 or higher, as well as Chrome version 125.0.6422.60/.61 for Windows, macOS and Linux by June 10, 2024, in order to protect their networks from active cyber threats.