Lucene search

K
cveMitreCVE-2023-37679
HistoryAug 03, 2023 - 3:15 a.m.

CVE-2023-37679

2023-08-0303:15:10
CWE-77
mitre
web.nvd.nist.gov
43
In Wild
cve-2023-37679
nextgen mirth connect
rce
vulnerability
remote command execution
nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.191

Percentile

96.4%

A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.

Affected configurations

Nvd
Node
nextgenmirth_connectMatch4.3.0
VendorProductVersionCPE
nextgenmirth_connect4.3.0cpe:2.3:a:nextgen:mirth_connect:4.3.0:*:*:*:*:*:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.191

Percentile

96.4%