NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/176920/Mirth-Connect-4.4.0-Remote-Command-Execution.html | Exploit Third Party Advisory VDB Entry |
https://www.horizon3.ai/nextgen-mirth-connect-remote-code-execution-vulnerability-cve-2023-43208/ | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/176920/Mirth-Connect-4.4.0-Remote-Command-Execution.html | Exploit Third Party Advisory VDB Entry |
https://www.horizon3.ai/nextgen-mirth-connect-remote-code-execution-vulnerability-cve-2023-43208/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:23
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/176920/Mirth-Connect-4.4.0-Remote-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.horizon3.ai/nextgen-mirth-connect-remote-code-execution-vulnerability-cve-2023-43208/ - Exploit, Third Party Advisory |
14 Aug 2024, 19:57
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/176920/Mirth-Connect-4.4.0-Remote-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
CWE | CWE-78 |
03 Jul 2024, 01:41
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-502 |
23 May 2024, 18:11
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/176920/Mirth-Connect-4.4.0-Remote-Command-Execution.html - Third Party Advisory, VDB Entry |
31 Jan 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Nov 2023, 01:50
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
First Time |
Nextgen
Nextgen mirth Connect |
|
CPE | cpe:2.3:a:nextgen:mirth_connect:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.horizon3.ai/nextgen-mirth-connect-remote-code-execution-vulnerability-cve-2023-43208/ - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
26 Oct 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. |
26 Oct 2023, 17:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-26 17:15
Updated : 2024-11-21 08:23
NVD link : CVE-2023-43208
Mitre link : CVE-2023-43208
CVE.ORG link : CVE-2023-43208
JSON object : View
Products Affected
nextgen
- mirth_connect