Critical vulnerability in NextGen Mirth Connect exposes data
Take action: If your organization is using Mirth Connect, start patching ASAP. As a temporary workaround, you can try to use it only via trusted isolated network connections to partners, but that's usually a difficult proposition for a multi-platform integration system. Patching is still a great choice for this system.
NextGen HealthCare is reporting a serious security flaw in its data integration tool, Mirth Connect, that allows unauthenticated remote code execution. Often referred to as the "Swiss Army knife of healthcare integration," Mirth Connect provides seamless communication and data sharing among diverse systems in the healthcare sector, ensuring they adhere to standard protocols.
The vulnerability is tracked as CVE-2023-43208. Attackers would most likely exploit this vulnerability for initial access or to compromise sensitive healthcare data. The specifics of the flaw have not been extensively shared, given that versions of Mirth Connect dating back to 2015/2016 are susceptible to this issue. This vulnerability essentially acts as a bypass for the fix to another vulnerability, CVE-2023-37679 (with a CVSS score of 9.8). This earlier flaw is a severe remote command execution vulnerability that permits attackers to run any command on the affected server.
The issues have been fixed in the 4.4.1 update of Mirth Connect released on October 6, 2023.
While the developers initially claimed CVE-2023-37679 only impacted servers utilizing Java 8, a comprehensive review by revealed that Mirth Connect installations, irrespective of the Java version, were all vulnerable to this new issue.
Considering the straightforward nature of exploiting this vulnerability and its known exploitation techniques, it's imperative for users, especially those whose systems are accessible online, to promptly update Mirth Connect to version 4.4.1 to prevent potential security breaches.