Security News > 2024 > May > NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent Warning
2024-05-21 07:13
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaw, tracked as CVE-2023-43208 (CVSS score: N/A), concerns a case of unauthenticated remote code execution arising from an incomplete
News URL
https://thehackernews.com/2024/05/nextgen-healthcare-mirth-connect-under.html
Related news
- CISA warns of Windows flaw used in infostealer malware attacks (source)
- Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Healthcare attacks spread beyond US – just ask India's Star Health (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-26 | CVE-2023-43208 | OS Command Injection vulnerability in Nextgen Mirth Connect NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. | 9.8 |