The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday included a security flaw impacting NextGen Health care Mirth Connect to its Regarded Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The flaw, tracked as CVE-2023-43208 (CVSS rating: N/A), concerns a case of unauthenticated remote code execution arising from an incomplete patch for one more critical flaw CVE-2023-37679 (CVSS rating: 9.8).
Facts of the vulnerability have been very first discovered by Horizon3.ai in late October 2023, with additional technological details and a proof-of-thought (PoC) exploit introduced previously this January.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
Mirth Connect is an open-supply facts integration platform extensively made use of by health care providers, allowing for knowledge exchange among diverse units in a standardized way.
CVE-2023-43208 is “eventually relevant to insecure use of the Java XStream library for unmarshalling XML payloads,” security researcher Naveen Sunkavally reported, describing the flaw as quickly exploitable.
CISA has not presented any data about the character of attacks exploiting the flaw, and it is unclear who weaponized them or when the in-the-wild exploitation was recorded.
Also added to the KEV catalog is a newly disclosed kind of confusion bug impacting the Google Chrome browser (CVE-2024-4947) that the tech giant has acknowledged as exploited in serious-globe attacks.
Federal organizations are essential to update to a patched edition of the software package – Mirth Hook up variation 4.4.1 or afterwards and Chrome edition 125..6422.60/.61 for Windows, macOS, and Linux – by June 10, 2024, to safe their networks towards lively threats.
Identified this article appealing? Follow us on Twitter and LinkedIn to examine more exceptional written content we write-up.
Some components of this short article are sourced from:
thehackernews.com
“Linguistic Lumberjack” Vulnerability Discovered in Popular Logging Utility Fluent Bit