Mirth Connect Unauthenticated Remote Code Execution (CVE-2023-43208)
Overview
Mirth Connect Unauthenticated Remote Code Execution, tracked as CVE-2023-43208, affects NextGen Healthcare Mirth Connect before version 4.4.1. Mirth Connect is commonly used to move and transform healthcare data, which makes server compromise especially sensitive in clinical and integration environments.
Vulnerability Overview
CVE-2023-43208 is an unauthenticated remote code execution vulnerability caused by an incomplete patch for CVE-2023-37679. Official records identify affected NextGen Healthcare Mirth Connect versions before 4.4.1.
The vulnerability is associated with unsafe handling of untrusted data in a server-side processing path. CISA enrichment also classifies the issue under command injection and deserialization of untrusted data.
Impact
The vulnerability is rated Critical with a CVSS 3.1 score of 9.8. Successful exploitation can allow unauthenticated remote attackers to execute commands on the Mirth Connect host.
For healthcare integration systems, that can put message flows, credentials, patient-related data paths, and connected internal services at risk. CVE-2023-43208 is listed in the CISA Known Exploited Vulnerabilities catalog.
Vulnerability Scope
The affected product is NextGen Healthcare Mirth Connect before version 4.4.1. Deployments running 4.4.1 or later, and systems where the vulnerable interface is not reachable by untrusted users, fall outside the vulnerable condition described here.
The highest-risk environments are internet-facing or broadly reachable Mirth Connect servers that have not been updated after the incomplete CVE-2023-37679 fix.
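The scope rule above can be applied to an asset inventory as a triage check. The following is an added example, not code from Hackviser or NextGen Healthcare; the host names, the record fields (`version`, `untrusted_reachable`) and all sample version strings are constructed for illustration.

```python
import re

FIXED = (4, 4, 1)  # per the page: versions before 4.4.1 are affected

def parse_version(text):
    """Return (major, minor, patch) from a version string, or None if unparsable."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    # A missing patch component ("4.4") is treated as 0.
    return tuple(int(g) if g else 0 for g in m.groups())

def triage(host):
    """Classify one inventory record and assign a remediation priority."""
    ver = parse_version(host.get("version"))
    if ver is None:
        # Unknown version is not evidence of safety: send for manual verification.
        return ("unknown", "verify")
    if ver >= FIXED:  # tuple comparison is numeric, so 4.10.x sorts after 4.4.1
        return ("patched", "none")
    # Affected build: reachability from untrusted networks raises the priority.
    return ("affected", "urgent" if host.get("untrusted_reachable") else "high")

# Constructed inventory (hypothetical hosts and version strings).
INVENTORY = [
    {"name": "mirth-edge-01", "version": "4.3.0", "untrusted_reachable": True},
    {"name": "mirth-int-02", "version": "4.4.0.b2948", "untrusted_reachable": False},
    {"name": "mirth-int-03", "version": "4.4.1", "untrusted_reachable": True},
    # Constructed value that exercises numeric (not string) comparison.
    {"name": "mirth-lab-04", "version": "4.10.2", "untrusted_reachable": False},
    {"name": "mirth-old-05", "version": "", "untrusted_reachable": True},
]

def report(inventory):
    """Map each host name to its (status, priority) pair."""
    return {h["name"]: triage(h) for h in inventory}

if __name__ == "__main__":
    for name, (status, priority) in report(INVENTORY).items():
        print(f"{name:15} {status:9} priority={priority}")
```

Comparing parsed integer tuples rather than raw strings avoids misclassifying multi-digit components, and hosts with no readable version are routed to verification instead of being counted as patched.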
Lab Focus
This Hackviser lab focuses on understanding how incomplete vulnerability fixes can leave a critical pre-authentication attack path in place. You will practice identifying affected Mirth Connect versions, understanding the relationship between deserialization and command execution, and mapping the CVE impact to healthcare integration security.
