CVE-2023-37679: 
Mirth Connect vulnerability analysis and mitigation

A remote command execution (RCE) vulnerability was discovered in NextGen Mirth Connect v4.3.0, tracked as CVE-2023-37679. The vulnerability allows attackers to execute arbitrary commands on the hosting server without requiring authentication. Mirth Connect is an open-source healthcare data integration system used for managing and sending bi-directional healthcare messages. The vulnerability affects all versions of the product (Linux, Windows, and MacOS) up to version 4.3.0 (IHTeam Advisory).

The vulnerability stems from an internal servlet filter in the Mirth Connect's code-base rather than third-party components. The issue is particularly critical when running on Java Runtime Environment (JRE) 8.0 or below. The vulnerability received a CVSS v3.1 base score of 9.8 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

The impact of this vulnerability is severe, particularly because by default, the Mirth Connect server starts with administrative privileges (root or SYSTEM). This means any remote command execution will have maximum system impact. At the time of discovery, approximately 2,000 systems were exposed on the internet according to Shodan searches (IHTeam Advisory).

The vulnerability was patched in Mirth Connect version 4.4.0. Organizations are advised to upgrade to version 4.4.1 or later, as version 4.4.0 was later found to have an incomplete fix. Additionally, the vendor announced plans to discontinue support for JRE 8.0 in favor of newer versions. The management interface of Mirth Connect should never be exposed to the Internet, and appropriate firewall rules should be implemented (IHTeam Advisory).