PT-2023-9236 · Nexgen · Nextgen Mirth Connect

Byr00T

Publicado

2023-06-21

Atualizado

2024-12-20

CVE-2023-37679

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NextGen Mirth Connect version 4.3.0

Description A remote command execution issue allows attackers to execute arbitrary commands on the hosting server. The vulnerability is related to the XStreamSerializer class and is due to a lack of data sanitization at the management level. This can be exploited by a remote attacker to execute arbitrary commands.

Recommendations For NextGen Mirth Connect version 4.3.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77

Identificadores relacionados

BDU:2024-05267

CVE-2023-37679

Produtos afetados

Nextgen Mirth Connect

PT-2023-9236 · Nexgen · Nextgen Mirth Connect

CVE-2023-37679

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 24