Cybersecurity and US infrastructure security agency (CISA) announced on Monday, May 20, that a vulnerability affecting MIRTH Connect from NEXTGEN HEALTHCARE has been included in its catalog of well-known exploited vulnerabilities (KEV).
The vulnerability, designated as CVE-2023-43208, allows for remote code execution without authentication and is a result of incomplete correction of another critical vulnerability, CVE-2023-37679, which has a CVSS rating of 9.8.
Mirth Connect is an open-source data platform widely used in American healthcare for data exchange between different systems.
The vulnerability was first reported by Horizon3.Ai specialists in October 2023, with additional technical details and proof-of-concept (POC) Explict published in January 2024.
Security researcher Navin Sankavvalli stated that CVE-2023-43208 is linked to unsafe use of the Java Xstream library for XML data processing, making it easily exploitable.
CISA did not disclose information about the nature of attacks using this vulnerability, and it remains unclear who and when these vulnerabilities were exploited.
Alongside the MIRTH Connect vulnerability, CISA also added a recent vulnerability of Type Confusion to the KEV catalog, affecting the Google Chrome browser (CVE-2024-4947), which has been identified in real attacks.
US Federal Agencies are advised to update their software to the patched versions: Mirth Connect version 4.4.1 or higher, and Chrome version 125.0.6422.60/61 for Windows, MacOS, and Linux before June 10, 2024, to safeguard their networks from active cyber threats.