The US CISA has added a flaw affecting NextGen Healthcare’s Mirth Connect product to its Known Exploited Vulnerabilities catalog.
Mirth Connect is a widely used cross-platform interface engine that healthcare organizations use for information management.
The vulnerability tracked as CVE-2023-43208, is a data deserialization issue that can allow unauthenticated remote code execution. A patch was rolled out with the release of version 4.4.1.
The flaw came to light in October 2023, when cybersecurity firm Horizon3.ai warned of its potential impact on healthcare companies. CVE-2023-43208 is a variation of CVE-2023-37679, which Mirth Connect developers had previously patched with the release of version 4.4.0.
A working PoC code was made available in mid-January 2024. At that time, it was vulnerable and as easily exploitable, and the attackers would most likely exploit this vulnerability for initial access or to compromise sensitive healthcare data and more than 1,200 internet-exposed instances of NextGen Mirth Connect.
CISA has added CVE-2023-43208 to its KEV catalog and instructed government agencies to address it by June 10.
