Mirth Connect, a data integration platform developed by NextGen HealthCare, is exposed to a severe remote code execution (RCE) vulnerability that can be exploited without any form of authentication, according to cybersecurity firm Horizon3.ai. The platform is widely used by healthcare organizations to exchange and manage patient and clinical data between systems, which makes it an attractive target.
The vulnerability, tracked as CVE-2023-43208, is a bypass of the patch for an earlier critical RCE flaw, CVE-2023-37679 (CVSS score 9.8), which was disclosed in August 2023 and was supposed to have been fixed in Mirth Connect version 4.4.0. Horizon3.ai found that the fix shipped in 4.4.0 can be circumvented, so installations running 4.4.0 remain exploitable.
Initially, CVE-2023-37679 was believed to affect only Mirth Connect instances running on Java 8 or earlier. Horizon3.ai's analysis showed that all Mirth Connect installations are at risk, irrespective of the Java version in use. Horizon3.ai reported these findings to NextGen HealthCare, which released Mirth Connect version 4.4.1 to address the new issue.
Horizon3.ai states, “This is an easily exploitable, unauthenticated remote code execution vulnerability. Attackers would most likely exploit this vulnerability for initial access or to compromise sensitive healthcare data.” The firm has withheld technical details and has not released an exploit for CVE-2023-43208, but warns that the underlying exploitation techniques are well known, so defenders should not assume the lack of a public proof of concept buys them much time.
The firm also confirmed that Mirth Connect versions dating back to 2015/2016 are vulnerable. It further noted that Mirth Connect is primarily deployed on Windows, where it often runs with SYSTEM privileges, so a successful exploit would typically yield full control of the host rather than just the application.
Horizon3.ai has identified over 1,200 unique Mirth Connect instances directly accessible from the internet. Users of Mirth Connect are strongly urged to update to version 4.4.1 as soon as possible; because the 4.4.0 patch is bypassable, being on 4.4.0 is not sufficient. Until the update is applied, restricting network access to the Mirth Connect administrative and API ports to trusted hosts reduces exposure.
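As an added illustration (not code from Horizon3.ai or NextGen HealthCare), the following triage helper turns the version facts reported above into a fleet check: any Mirth Connect install below 4.4.1 is flagged as affected by CVE-2023-43208, including 4.4.0, whose patch for CVE-2023-37679 the article says can be bypassed. The inventory entries are constructed sample data; the hostnames and the dotted-version format are assumptions, as is the idea that your asset source can supply a version string per host.

```python
import re
from typing import Dict, List, Optional, Tuple

# First release the article reports as fixing CVE-2023-43208.
FIXED_VERSION: Tuple[int, int, int] = (4, 4, 1)

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("mirth-prod-01.example.internal", "4.4.1"),
    ("mirth-prod-02.example.internal", "4.4.0"),   # patched for 37679 only, still exploitable
    ("mirth-legacy.example.internal", "3.12.0"),
    ("mirth-dev.example.internal", "4.5.0"),
    ("mirth-unknown.example.internal", "n/a"),     # version could not be determined
]

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse 'major.minor[.patch]' into a comparable tuple; None if unparseable."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def assess(version_text: str) -> str:
    """Classify a single Mirth Connect version string.

    Returns 'affected' for anything below 4.4.1 (this includes 4.4.0, whose
    CVE-2023-37679 fix is bypassable), 'fixed' for 4.4.1 and later, and
    'unknown' when the version cannot be parsed, so it is never silently
    treated as safe.
    """
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"
    return "fixed" if parsed >= FIXED_VERSION else "affected"


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group hosts by assessment so the 'affected' and 'unknown' lists
    can be handed straight to the patching / verification queue."""
    buckets: Dict[str, List[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, version in inventory:
        buckets[assess(version)].append(host)
    return buckets


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" bucket deserve the same urgency as "affected" ones: an instance whose version cannot be read is exactly the kind of forgotten deployment that ends up among the internet-facing installs Horizon3.ai counted.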