H3-2023-0027
NextGen Mirth Connect Remote Code Execution Vulnerability
| Field | Value |
|---|---|
| Category | VULNERABILITY |
| Base Score | 9.8 |
Description
The Mirth Connect Administrator web application is vulnerable to unauthenticated remote code execution due to insecure usage of the Java XStream library.
Impact
Remote unauthenticated attackers can execute arbitrary commands on the server in the context of the Mirth Connect service user, which typically runs as SYSTEM on Windows. Attackers may be able to compromise sensitive healthcare data. NOTE: This vulnerability is the same as CVE-2023-43208.
References
- Horizon3.ai: Writeup for CVE-2023-43208: NextGen Mirth Connect Pre-Auth RCE
- NextGen Healthcare Mirth Connect 4.4.1 Release
- Microsoft Threat Intelligence: Evidence of Exploitation in the Wild
- GitHub: Evidence of Exploitation in the Wild
- NVD: CVE-2023-43208
- Metasploit: Mirth Connect Deserialization RCE
- Nuclei: NextGen Healthcare Mirth Connect - Remote Code Execution