NextGen Healthcare Mirth Connect RCE (CVE-2023-43208, CVE-2023-37679)

What is the vulnerability?NextGen Healthcare Mirth Connect is vulnerable to unauthenticated remote code execution (CVE-2023-43208) caused due to an incomplete patch of a Command Injection flaw (CVE-2023-37679). Mirth Connect is an open-source data integration platform widely used by healthcare companies. It enables the management of information using bi-directional sending of many types of messages. Attackers could exploit this vulnerability for initial access or to compromise sensitive healthcare data. CISA has recently added CVE-2023-43208 to its Known Exploited Vulnerabilities (KEV) catalog …

code code execution command command injection companies connect cve cve-2023-43208 data data integration flaw healthcare information injection injection flaw integration integration platform management mirth connect nextgen nextgen healthcare nextgen healthcare mirth connect patch platform rce remote code remote code execution source data types unauthenticated vulnerability vulnerable what is