CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Jun 10, 2024
High
CISA KEVRansomwareCVE-2023-43208
NextGen Healthcare—Mirth Connect
NextGen Healthcare Mirth Connect contains a deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution via a specially crafted request.
Required Action
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://github.com/nextgenhealthcare/connect/wiki/4.4.1---What%27s-New ; https://nvd.nist.gov/vuln/detail/CVE-2023-43208
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Known
- Published
- May 20, 2024
- KEV Added
- May 20, 2024
- Due Date
- Jun 10, 2024
- Related Articles
- 0
Vendor
NextGen Healthcare
Mirth Connect