RidgeBot Detects Critical CVE-2023-43208 Vulnerability in NextGen Healthcare Mirth Connect

by | Jun 4, 2024 | Blog

Mirth Connect is a popular open-source health information integration engine developed by NextGen Healthcare. It can transform and map data from one format to another, allowing different systems to communicate despite using different data standards with support for custom scripting, a wide variety of communication protocols, and comprehensive monitoring tools. Because of its open-source nature, flexibility, community and commercial support, Mirth Connect is widely used by many hospitals, clinics, health information exchanges, and educational organizations.

However, on October 26, 2023, NIST published CVE-2023-43208, a vulnerability that allows attackers to run arbitrary commands on machines with Mirth Connect versions prior to 4.4.1. Due to the ease of exploiting this vulnerability and its significant impact, NIST assigned a CVSS score of 9.8. Moreover, it was recently added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on May 20, 2024, indicating known exploits in the wild.

The dedicated engineering team at Ridge Security took immediate action in response to the update of the CISA KEV Catalog. At the time of writing this blog, we are proud to announce that the plugin to scan this CVE has already been included in the new release. RidgeBot utilizes cutting-edge techniques to scan and attempt to exploit this vulnerability regardless of whether the target system is running on Windows, Linux, or Mac.

Once vulnerabilities are found, RidgeBot provides detailed reports including Type, Severity, Description, and Risk details. With this information, it will be easy to understand the vulnerabilities, their impact, and how to patch them.

Figure 1: Vulnerability report for CVE-2023-43208

Figure 2: Risk item report for CVE-2023-43208

Figure 3: The exact commands and response from the target

Given the severity of CVE-2023-43208, we urge all healthcare organizations to conduct a security test on their networks to mitigate the impact of this vulnerability. In the Information Age, cyber threats are prevalent. Ridge Security continuously monitors emerging vulnerabilities and protects our customers. With our ever-growing threat intelligence database, RidgeBot offers unparalleled defense against evolving cyber threats, providing you with peace of mind and robust defense in an ever-evolving threat landscape.