Vulnerability Description
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextgen | Mirth Connect | < 4.4.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/176920/Mirth-Connect-4.4.0-Remote-Command-E (Exploit, Third Party Advisory, VDB Entry)
- https://www.horizon3.ai/nextgen-mirth-connect-remote-code-execution-vulnerabilit (Exploit, Third Party Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023- (US Government Resource)
FAQ
What is CVE-2023-43208?
CVE-2023-43208 is a vulnerability with a CVSS score of 9.8 (CRITICAL). NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.
How severe is CVE-2023-43208?
CVE-2023-43208 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-43208?
Check the references section above for vendor advisories and patch information. Affected products include: Nextgen Mirth Connect.