{"id":163496,"date":"2024-05-21T19:59:44","date_gmt":"2024-05-21T19:59:44","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=163496"},"modified":"2024-05-21T19:59:46","modified_gmt":"2024-05-21T19:59:46","slug":"cisa-adds-nextgen-healthcare-mirth-connect-flaw-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/163496\/security\/cisa-adds-nextgen-healthcare-mirth-connect-flaw-known-exploited-vulnerabilities-catalog.html","title":{"rendered":"CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog"},"content":{"rendered":"
<\/div>\n

CISA adds NextGen Healthcare Mirth Connect deserialization of untrusted data vulnerability to its Known Exploited Vulnerabilities catalog.<\/h2>\n\n\n\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added<\/a> a NextGen Healthcare Mirth Connect vulnerability to its Known Exploited Vulnerabilities (KEV) catalog<\/a>.<\/p>\n\n\n\n

The issue, tracked as CVE-2023-43208<\/a>, is a Deserialization of Untrusted Data Vulnerability. <\/p>\n\n\n\n

A deserialization of untrusted data vulnerability is a security flaw that occurs when an application deserializes data from an untrusted source without properly validating or sanitizing it. Deserialization is the process of converting serialized data (data formatted for storage or transmission) back into an object or data structure that a program can use.<\/p>\n\n\n\n

The flaw impacts NextGen Healthcare Mirth Connect before version 4.4.1; an unauthenticated remote attacker can trigger the issue to achieve code execution.<\/p>\n\n\n\n

US CISA also addressed the recently disclosed Google Chromium V8 Type Confusion Vulnerability (CVE-2024-4947<\/a>).<\/p>\n\n\n\n

The vulnerability CVE-2024-4947 is a type confusion that resides in the V8 JavaScript engine. The vulnerability was reported by Vasily Berdnikov (@vaber_b) and Boris Larin (@oct0xor) of Kaspersky on May 13, 2024.<\/p>\n\n\n\n

\u201cGoogle is aware that an exploit for CVE-2024-4947 exists in the wild,\u201d reads the\u00a0advisory<\/a>\u00a0published by Google.<\/em><\/p>\n\n\n\n

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities<\/a>, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.<\/p>\n\n\n\n

Experts also recommend that private organizations review the\u00a0Catalog<\/a>\u00a0and address the vulnerabilities in their infrastructure.<\/p>\n\n\n\n

CISA orders federal agencies to fix these vulnerabilities by June 10, 2024.<\/p>\n\n\n\n

Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n

(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, CISA<\/a>)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

CISA adds NextGen Healthcare Mirth Connect deserialization of untrusted data vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added a NextGen Healthcare Mirth Connect vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2023-43208, is a Deserialization of Untrusted Data Vulnerability. Deserialization of untrusted data vulnerability […]<\/p>\n","protected":false},"author":1,"featured_media":106349,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,55],"tags":[8913,4112,9508,9506,10918,12584,15100,687,841,1533],"class_list":["post-163496","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-security","tag-cisa","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-known-exploited-vulnerabilities-catalog","tag-nextgen-healthcare-mirth-connect","tag-pierluigi-paganini","tag-security-affairs","tag-security-news"],"yoast_head":"\n