The US cybersecurity agency CISA on Monday added a flaw affecting NextGen Healthcare’s Mirth Connect product to its Known Exploited Vulnerabilities (KEV) catalog.
Mirth Connect is a widely used cross-platform interface engine that healthcare organizations use for information management.
The vulnerability affecting the open source product, tracked as CVE-2023-43208, is an unsafe data deserialization issue that can lead to unauthenticated remote code execution. It was patched with the release of version 4.4.1.
The flaw came to light in October 2023, when cybersecurity firm Horizon3.ai warned of its potential impact on healthcare companies. CVE-2023-43208 is a variation of CVE-2023-37679, which Mirth Connect developers had previously patched with the release of version 4.4.0.
Horizon3.ai at the time described the vulnerability as easily exploitable and cautioned that “attackers would most likely exploit this vulnerability for initial access or to compromise sensitive healthcare data”.
The security firm also noted seeing more than 1,200 internet-exposed instances of NextGen Mirth Connect.
Horizon3.ai made available technical details and proof-of-concept (PoC) code in mid-January 2024. A few days later, The Shadowserver Foundation reported seeing more than 440 internet-exposed instances that appeared to be impacted by CVE-2023-43208.
With the addition of CVE-2023-43208 to its KEV catalog, CISA has instructed federal agencies to address the flaw by June 10.
The agency has not shared any information on the attacks. Exploitation of CVE-2023-37679 and CVE-2023-43208 was mentioned by Microsoft in April in a brief report on ransomware attacks seen by the tech giant in the first quarter of 2024.
Microsoft said at the time that the Mirth Connect and other flaws had been exploited for initial access by a China-based threat actor tracked by the company as Storm-1175, known for deploying Medusa ransomware.
CISA may be aware of other attacks as well. The agency’s KEV entry does not mention ransomware exploitation (the field that specifies whether a flaw has been used in ransomware attacks is set to ‘unknown’), and CVE-2023-37679 has yet to be added to the catalog.