The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a significant security flaw in NextGen Healthcare Mirth Connect, now added to the Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2023-43208, this flaw stems from an incomplete patch for another critical vulnerability, CVE-2023-37679, which allows unauthenticated remote code execution. The vulnerability, disclosed by Horizon3.ai in October 2023, relates to insecure usage of the Java XStream library for unmarshalling XML payloads, making it easily exploitable.
Mirth Connect is a widely used open-source data integration platform in the healthcare sector, facilitating standardized data exchange between different systems. The active exploitation of this flaw raises serious concerns about the security of sensitive healthcare data. While CISA has not provided specific details on the nature or perpetrators of these attacks, it highlights the pressing need for immediate action to mitigate the risks.
In addition to Mirth Connect vulnerabilities, Microsoft has observed nation-state and cybercrime actors exploiting multiple other flaws in various platforms, including ConnectWise ScreenConnect and JetBrains TeamCity. This widespread exploitation underscores the critical importance of promptly addressing software vulnerabilities to protect against unauthorized access and potential data breaches.
Federal agencies are mandated to update their systems to Mirth Connect version 4.4.1 or later, and Chrome version 125.0.6422.60/.61 for all operating systems by June 10, 2024. This directive aims to enhance network security and protect against active threats. Ensuring these updates are implemented is crucial in safeguarding against the exploitation of these vulnerabilities and maintaining the integrity of sensitive healthcare information.
Reference:
