What is the vulnerability?NextGen Healthcare Mirth Connect is vulnerable to unauthenticated remote code execution (CVE-2023-43208) caused due to an incomplete patch of a Command Injection flaw (CVE-2023-37679). Mirth Connect is an open-source data integration platform widely used by healthcare companies. It enables the management of information using bi-directional sending of many types of messages. Attackers could exploit this vulnerability for initial access or to compromise sensitive healthcare data. CISA has recently added CVE-2023-43208 to its Known Exploited Vulnerabilities (KEV) catalog on May 20th, 2024. What is the recommended Mitigation?Users are advised to update to the latest version of NextGen Healthcare Mirth Connect as per the vendor’s instructions. What FortiGuard Coverage is available?FortiGuard Labs released an IPS signature “NextGen.Healthcare.Mirth.Connect.Command.Injection” to detect and block attack attempts targeting the vulnerability (CVE-2023-37679 and CVE-2023-43208). The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
NextGen Healthcare Mirth Connect RCE (CVE-2023-43208, CVE-2023-37679)
Read Time:50 Second