On Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw affecting NextGen Healthcare’s Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The flaw, CVE-2023-43208 (CVSS score: N/A), involves unauthenticated remote code execution due to an incomplete patch for another critical flaw, CVE-2023-37679 (CVSS score: 9.8).
CISA has not provided any information about the nature of the attacks exploiting the flaw, and it is unclear who weaponized it or when the in-the-wild exploitation was recorded.
Security researcher Naveen Sunkavally described CVE-2023-43208 as easily exploitable, with the root cause being insecure usage of the Java XStream library for unmarshalling XML payloads.
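As an added illustration (not code from the article, from Mirth Connect, or from XStream's own sources), this is the defensive configuration the researcher's finding points at: an XStream instance restricted to an explicit type allowlist, so that XML naming any other class is rejected before anything is instantiated. The `Message` class and both payloads are constructed for the example; it assumes XStream 1.4.x with its security framework available.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class SafeXStreamUnmarshal {

    // Hypothetical data class: the only object shape the application expects from XML input.
    public static class Message {
        public String channel;
        public String body;
    }

    // Build an XStream instance that refuses every type except the ones listed below.
    // Without this, XStream resolves whatever class name the XML element carries.
    static XStream allowlistedXStream() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);              // start from "deny everything"
        xs.addPermission(NullPermission.NULL);                // allow null values
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES); // allow int, boolean, ...
        xs.allowTypes(new Class[] { String.class, Message.class });
        xs.alias("message", Message.class);                   // friendly element name
        return xs;
    }

    public static void main(String[] args) {
        XStream xs = allowlistedXStream();

        // Constructed benign payload: deserialises to the expected class.
        String ok = "<message><channel>lab</channel><body>hello</body></message>";
        Message m = (Message) xs.fromXML(ok);
        System.out.println("parsed: " + m.channel + " / " + m.body);

        // Constructed payload naming a class outside the allowlist (a harmless JDK
        // collection here). The allowlist rejects it before any instance is created;
        // XStream signals this with ForbiddenClassException, a subtype of XStreamException.
        String rejected = "<java.util.ArrayList><string>x</string></java.util.ArrayList>";
        try {
            xs.fromXML(rejected);
            System.out.println("unexpected: payload was accepted");
        } catch (XStreamException e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

The same allowlist approach applies to any service that unmarshals untrusted XML with XStream; the allowed set should be the application's own DTOs and nothing broader.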
Also newly added to the KEV catalog is a type confusion bug affecting the Google Chrome browser (CVE-2024-4947), which the tech giant has acknowledged as exploited in real-world attacks.
Federal agencies are required to update to a patched version of the software – Mirth Connect version 4.4.1 or later and Chrome version 125.0.6422.60/.61 for Windows, macOS, and Linux – by June 10, 2024, to secure their networks against active threats.