The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday included a security flaw impacting NextGen Health care Mirth Connect to its Regarded Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The flaw, tracked as CVE-2023-43208 (CVSS rating: N/A), concerns a case of unauthenticated remote code execution arising from an incomplete patch for one more critical flaw CVE-2023-37679 (CVSS rating: 9.8).
Facts of the vulnerability have been very first discovered by Horizon3.ai in late October 2023, with additional technological details and a proof-of-thought (PoC) exploit introduced previously this January.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
Mirth Connect is an open-supply facts integration platform extensively made use of by health care providers, allowing for knowledge exchange among diverse units in a standardized way.
CVE-2023-43208 is “eventually relevant to insecure use of the Java XStream library for unmarshalling XML payloads,” security researcher Naveen Sunkavally reported, describing the flaw as quickly exploitable.
CISA has not presented any data about the character of attacks exploiting the flaw, and it is unclear who weaponized them or when the in-the-wild exploitation was recorded.
Also added to the KEV catalog is a newly disclosed kind of confusion bug impacting the Google Chrome browser (CVE-2024-4947) that the tech giant has acknowledged as exploited in serious-globe attacks.
Federal organizations are essential to update to a patched edition of the software package – Mirth Hook up variation 4.4.1 or afterwards and Chrome edition 125..6422.60/.61 for Windows, macOS, and Linux – by June 10, 2024, to safe their networks towards lively threats.
Identified this article appealing? Follow us on Twitter and LinkedIn to examine more exceptional written content we write-up.
Some components of this short article are sourced from:
thehackernews.com