CVE-2023-43208
Published: 26 October 2023
Summary
CVE-2023-43208 is a critical-severity OS Command Injection (CWE-78) vulnerability in NextGen Healthcare Mirth Connect. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
NextGen Healthcare Mirth Connect versions prior to 4.4.1 contain an unauthenticated remote code execution vulnerability that stems from an incomplete remediation of CVE-2023-37679. The flaw is tracked under CWE-78 and CWE-502 and carries a CVSS 3.1 score of 9.8, reflecting network-accessible attack vectors that require no credentials or user interaction.
Remote attackers can send specially crafted requests to the affected server and obtain arbitrary command execution on the underlying host, enabling full system compromise including data exfiltration, persistence, or lateral movement. Public proof-of-concept material on PacketStorm demonstrates reliable exploitation against the 4.4.0 release.
CISA has added the CVE to its Known Exploited Vulnerabilities catalog, and vendor guidance directs administrators to upgrade immediately to version 4.4.1 or later. Horizon3 analysis further details the deserialization and command-injection paths that must be addressed by the patch.
The vulnerability shows sustained high exploitation probability, with an EPSS score currently at 0.9442 and a recorded peak of 0.9750, consistent with its presence on the CISA KEV list.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-47627
Vulnerability details
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.
- CWE(s): CWE-78, CWE-502
- KEV Date Added: 20 May 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely application of the vendor patch that completes remediation of the incomplete fix for CVE-2023-37679.
- AC-3 (Access Enforcement): enforces authentication and access control decisions to block the unauthenticated network vectors used for RCE.
- Input validation: validates untrusted input to stop the crafted payloads that trigger CWE-78 command injection and CWE-502 deserialization.