• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
critical flaw in nextgen's mirth connect could expose healthcare data

Critical Flaw in NextGen’s Mirth Connect Could Expose Healthcare Data

You are here: Home / General Cyber Security News / Critical Flaw in NextGen’s Mirth Connect Could Expose Healthcare Data
October 26, 2023

Customers of Mirth Hook up, an open up-supply facts integration system from NextGen Healthcare, are staying urged to update to the latest version pursuing the discovery of an unauthenticated distant code execution vulnerability.

Tracked as CVE-2023-43208, the vulnerability has been resolved in variation 4.4.1 produced on Oct 6, 2023.

“This is an very easily exploitable, unauthenticated distant code execution vulnerability,” Horizon3.ai’s Naveen Sunkavally explained in a Wednesday report. “Attackers would most very likely exploit this vulnerability for original access or to compromise delicate health care data.”

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Termed the “Swiss Military knife of healthcare integration,” Mirth Link is a cross-platform interface motor made use of in the health care industry to connect and exchange data amongst disparate systems in a standardized method.

Cybersecurity

Further technological information about the flaw have been withheld in gentle of the truth that Mirth Join variations going as significantly again as 2015/2016 have been discovered to be vulnerable to the issue.

It is really value noting that CVE-2023-43208 is a patch bypass for CVE-2023-37679 (CVSS rating: 9.8), a critical remote command execution (RCE) vulnerability in the program that makes it possible for attackers to execute arbitrary commands on the hosting server.

Vulnerability

Even though CVE-2023-37679 was explained by its maintainers as only influencing servers running Java 8, Horizon3.ai’s investigation located that all cases of Mirth Connect, irrespective of the Java version, were prone to the issue.

Given the ease with which the vulnerability can be trivially abused, coupled with the point that the exploitation strategies are well identified, it’s encouraged to update Mirth Link, especially that are publicly obtainable around the internet, to edition 4.4.1 as shortly as possible to mitigate potential threats.

Observed this post interesting? Abide by us on Twitter  and LinkedIn to browse much more unique material we publish.


Some areas of this post are sourced from:
thehackernews.com

Previous Post: «yorotrooper: researchers warn of kazakhstan's stealthy cyber espionage group YoroTrooper: Researchers Warn of Kazakhstan’s Stealthy Cyber Espionage Group
Next Post: Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks iranian group tortoiseshell launches new wave of imaploader malware attacks»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • NightEagle APT Exploits Microsoft Exchange Flaw to Target China’s Military and Tech Sectors
  • Your AI Agents Might Be Leaking Data — Watch this Webinar to Learn How to Stop It
  • Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros
  • Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission
  • Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams
  • Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets
  • The Hidden Weaknesses in AI SOC Tools that No One Talks About
  • Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms
  • Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials
  • North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

Copyright © TheCyberSecurity.News, All Rights Reserved.