The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) list, thus alerting government agencies and other firms of active exploitation in the wild.
The new addition is an authenticated code execution vulnerability found in NextGen Healthcare Mirth Connect. It is tracked as CVE-2023-43208, and has not yet been given a severity score.
NextGen Healthcare Mirth Connect is an open-source integration engine used primarily in healthcare IT for exchanging healthcare data between various systems. It enables interoperability between different healthcare applications, and allows secure and efficient transfer of data through standardized protocols and formats such as HL7, DICOM, and FHIR.
No details about the flaw
This vulnerability reportedly arose from the company's attempt to fix a previous critical-severity flaw, tracked as CVE-2023-37679. That earlier vulnerability, carrying a severity score of 9.8, was also described as a pre-auth remote code execution, and received a fix in August last year.
Besides adding the vulnerability to the KEV list, CISA said very little about the flaw. Thus, we don’t know who the threat actors are, how they are exploiting it, who the victims are, or how many of them there are.
CISA gave federal agencies a deadline of June 10 to update their endpoints and bring Mirth Connect to version 4.1.1.
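An added example, not code from the article or from NextGen Healthcare, that checks an inventory of Mirth Connect hosts against the fixed version and deadline CISA set: the hostnames and versions are constructed, the record's field names follow the ones CISA's KEV JSON feed uses, and the deadline year (2024) is an assumption.

```python
# Added example: flag Mirth Connect hosts still below the 4.1.1 fix for
# CVE-2023-43208 and report whether the KEV due date has passed.
from datetime import date

# Constructed record using the KEV feed's field names; the fixed version
# and June 10 due date come from the article, the year 2024 is assumed.
KEV_ENTRY = {
    "cveID": "CVE-2023-43208",
    "vendorProject": "NextGen Healthcare",
    "product": "Mirth Connect",
    "dueDate": "2024-06-10",
}
FIXED_VERSION = "4.1.1"

# Constructed inventory: hostname -> reported Mirth Connect version.
INVENTORY = {
    "mirth-prod-01.example.internal": "4.0.1",
    "mirth-prod-02.example.internal": "4.1.1",
    "mirth-dev-01.example.internal": "4.1.0",
    "mirth-lab.example.internal": "4.2.0",
}


def parse_version(v: str) -> tuple:
    """Turn '4.1.1' into (4, 1, 1). Missing components count as 0, and
    numeric comparison avoids the '4.10' < '4.9' mistake of string compares."""
    parts = [int(p) for p in v.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """A host is unremediated if it runs anything older than the fixed version."""
    return parse_version(version) < parse_version(fixed)


def remediation_report(inventory: dict, today: str) -> dict:
    """List hosts still below the fix and say whether the KEV due date has passed.
    `today` is an ISO date string such as '2024-06-11'."""
    due = date.fromisoformat(KEV_ENTRY["dueDate"])
    unremediated = sorted(h for h, v in inventory.items() if is_vulnerable(v))
    return {
        "cve": KEV_ENTRY["cveID"],
        "unremediated": unremediated,
        "past_due": date.fromisoformat(today) > due,
    }


if __name__ == "__main__":
    print(remediation_report(INVENTORY, date.today().isoformat()))
```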
Given the sensitivity of the information they handle, organizations in the healthcare industry are among the most heavily targeted. There are multiple ways cybercriminals can weaponize sensitive data, from selling it on the black market for a profit, to extorting money from victim companies.
When healthcare organizations lose data in a cyberattack, they lose the trust of their patients, which ultimately translates into lost business. At the same time, legislators and data watchdogs can demand significant investments in cybersecurity measures, as well as fines for losing patient data, which also translates into lower earnings.
Via The Hacker News