Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data

Mirth Connect versions prior to 4.4.1 are vulnerable to CVE-2023-43208, a bypass for an RCE vulnerability.

Open source data integration platform Mirth Connect is affected by a remote code execution vulnerability that can be exploited without authentication, cybersecurity firm Horizon3.ai warns.

Developed by NextGen HealthCare, Mirth Connect is a cross-platform interface engine that healthcare organizations rely on for information management.

Tracked as CVE-2023-43208, the newly disclosed issue is a bypass for a critical-severity RCE flaw (CVE-2023-37679, CVSS score of 9.8) that was disclosed in August 2023 and which was addressed with the release of Mirth Connect version 4.4.0.

According to Horizon3.ai, CVE-2023-37679 was said to only impact Mirth Connect instances using Java 8 or below, but further analysis of the vulnerability has revealed that, in fact, all Mirth Connect installs are impacted, regardless of the Java version they use.

Furthermore, the cybersecurity firm’s investigation revealed that the patch for CVE-2023-37679 can be bypassed. Horizon3.ai reported the findings to NextGen HealthCare, which released Mirth Connect version 4.4.1 to address the new issue.

“This is an easily exploitable, unauthenticated remote code execution vulnerability. Attackers would most likely exploit this vulnerability for initial access or to compromise sensitive healthcare data,” Horizon3.ai says.

For the time being, Horizon3.ai refrains from releasing technical details or an exploit for CVE-2023-43208, but warns that the methods for exploitation are well known.

“We have verified that Mirth Connect versions going as far back as 2015/2016 are vulnerable,” the cybersecurity firm notes.

Horizon3.ai also points out that Mirth Connect appears to be deployed mostly on Windows machines, where it typically runs with System privileges, suggesting that the impact of a successful attack would be critical.

Additionally, the cybersecurity firm notes that it has identified more than 1,200 unique Mirth Connect instances that are directly accessible from the internet.

Mirth Connect users are advised to update to version 4.4.1 of the platform as soon as possible.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
