The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) list, warning government agencies and other companies of active exploitation in the wild.
The new addition is a verified code execution vulnerability found in NextGen Healthcare Mirth Connect. It is being tracked as CVE-2023-43208 and has not yet been assigned a severity rating.
NextGen Healthcare Mirth Connect is an open-source integration engine primarily used in healthcare IT for exchanging healthcare data between different systems. It provides interoperability between different healthcare applications and supports secure and efficient data transfer via standardized protocols and formats such as HL7, DICOM and FHIR.
No details about the flaw
This vulnerability was reportedly a side effect of the company’s attempt to fix a previous critical flaw, tracked as CVE-2023-37679. That flaw, with a severity score of 9.8, was also described as a pre-auth remote code execution and was patched in August last year.
Besides adding the vulnerability to the KEV list, CISA said very little about the flaw. So we don’t know who the threat actors are, how they exploit it, who the victims are, or how many of them there are.
CISA gave federal agencies a June 10 deadline to update their endpoints and bring Mirth Connect to version 4.1.1.
Given the sensitivity of the information they process, healthcare organizations are among the most targeted. There are multiple ways cybercriminals can weaponize sensitive data, from selling it for a profit on the black market to extorting money from victim companies.
When healthcare organizations lose data in a cyberattack, they lose the trust of their patients, which ultimately translates into lost revenue. On the other hand, lawmakers and data watchdogs may demand significant investments in cybersecurity measures as well as fines for the loss of patient data, which also translates into less revenue.
Via The Hacker News