Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2023-43208
PUBLISHEDNextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is...
- Vendor
- NextGen Healthcare
- Product
- Mirth Connect
- Published
- Oct 26, 2023
- EPSS
- —
Description
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC decision points
- Exploitation
- active
- Automatable
- Yes
- Technical impact
- total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | May 20, 2024 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/mirth_connect_cve_2023_43208.rb | Apr 28, 2025 |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-43208.yaml | Apr 25, 2025 |
| Nessus | https://www.tenable.com/plugins/nessus/183969 | Oct 30, 2023 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2024-11-28 09:03:23 UTC · 2 stars
Use java.net.InetAddress for detection
github · Created 2024-03-17 08:44:14 UTC · 3 stars
github · Created 2024-03-15 12:03:51 UTC · 24 stars
A PoC exploit for CVE-2023-43208 - Mirth Connect Remote Code Execution (RCE)
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Detected by Nessus
-
Added to KEVIntel
-
Detected by Nuclei
-
Detected by Metasploit
-
Exploit Used in Malware