October 26, 2023 at 02:57PM
Open source data integration platform Mirth Connect has a remote code execution vulnerability, according to cybersecurity firm Horizon3.ai. The vulnerability, tracked as CVE-2023-43208, bypasses a critical-severity flaw disclosed earlier and affects all Mirth Connect installations. A patch has been released, but the cybersecurity firm warns that the vulnerability is easily exploitable and could lead to compromise of sensitive healthcare data. Mirth Connect users are urged to update to version 4.4.1 to address the issue.
Meeting Takeaways:
– Mirth Connect, an open-source data integration platform used by healthcare organizations for information management, is affected by a remote code execution vulnerability (CVE-2023-43208).
– The vulnerability is a bypass for a previously disclosed critical-severity RCE flaw (CVE-2023-37679) that was addressed with the release of Mirth Connect version 4.4.0.
– Initially, it was believed that CVE-2023-37679 only impacted Mirth Connect instances using Java 8 or below. However, further analysis reveals that all Mirth Connect installs are impacted, regardless of the Java version used.
– The patch for CVE-2023-37679 can be bypassed, leading to the disclosure of the new vulnerability (CVE-2023-43208).
– The new vulnerability is an easily exploitable, unauthenticated remote code execution vulnerability that could be used to gain initial access or compromise sensitive healthcare data.
– Mirth Connect versions dating back to 2015/2016 are vulnerable.
– Mirth Connect is predominantly deployed on Windows machines and typically runs with System privileges.
– Over 1,200 unique Mirth Connect instances have been identified as directly accessible from the internet.
– Users of Mirth Connect are advised to update to version 4.4.1 to address the vulnerabilities.