{"id":987994,"date":"2023-10-26T09:25:43","date_gmt":"2023-10-26T11:25:43","guid":{"rendered":"https:\/\/teknomers.com\/fr\/une-faille-critique-dans-mirth-connect-de-nextgen-pourrait-exposer-les-donnees-de-sante\/"},"modified":"2023-10-26T09:25:47","modified_gmt":"2023-10-26T11:25:47","slug":"une-faille-critique-dans-mirth-connect-de-nextgen-pourrait-exposer-les-donnees-de-sante","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/une-faille-critique-dans-mirth-connect-de-nextgen-pourrait-exposer-les-donnees-de-sante\/","title":{"rendered":"Une faille critique dans Mirth Connect de NextGen pourrait exposer les donn\u00e9es de sant\u00e9"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">26 octobre 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">Vuln\u00e9rabilit\u00e9 \/ S\u00e9curit\u00e9 du r\u00e9seau<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/Une-faille-critique-dans-Mirth-Connect-de-NextGen-pourrait-exposer.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>Les utilisateurs de <a rel=\"nofollow noopener\" href=\"https:\/\/www.nextgen.com\/solutions\/interoperability\/mirth-integration-engine\" target=\"_blank\">Joie de se connecter<\/a>une plate-forme d&#8217;int\u00e9gration de donn\u00e9es open source de NextGen HealthCare, est invit\u00e9e \u00e0 mettre \u00e0 jour vers la derni\u00e8re version suite \u00e0 la d\u00e9couverte d&#8217;une vuln\u00e9rabilit\u00e9 d&#8217;ex\u00e9cution de code \u00e0 distance non authentifi\u00e9e.<\/p>\n<p>Suivi comme <strong>CVE-2023-43208<\/strong>la vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/nextgenhealthcare\/connect\/wiki\/4.4.1---What&#039;s-New\" target=\"_blank\">version 4.4.1<\/a> sorti le 6 octobre 2023.<\/p>\n<p>&#8220;Il s&#8217;agit d&#8217;une vuln\u00e9rabilit\u00e9 d&#8217;ex\u00e9cution de code \u00e0 distance non authentifi\u00e9e et facilement exploitable&#8221;, Naveen Sunkavally d&#8217;Horizon3.ai. <a rel=\"nofollow noopener\" href=\"https:\/\/www.horizon3.ai\/nextgen-mirth-connect-remote-code-execution-vulnerability-cve-2023-43208\/\" target=\"_blank\">dit<\/a> dans un rapport de mercredi.  &#8220;Les attaquants exploiteraient tr\u00e8s probablement cette vuln\u00e9rabilit\u00e9 pour un premier acc\u00e8s ou pour compromettre des donn\u00e9es de sant\u00e9 sensibles.&#8221;<\/p>\n<p>Appel\u00e9 le \u00ab couteau suisse de l&#8217;int\u00e9gration des soins de sant\u00e9 \u00bb, Mirth Connect est un moteur d&#8217;interface multiplateforme utilis\u00e9 dans le secteur de la sant\u00e9 pour communiquer et \u00e9changer des donn\u00e9es entre des syst\u00e8mes disparates de mani\u00e8re <a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Health_Level_7\" target=\"_blank\">mani\u00e8re standardis\u00e9e<\/a>.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/moon-i-2.1\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/Les-Bing-Chat-Ads-de-Microsoft-alimentees-par-lIA-peuvent.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Des d\u00e9tails techniques suppl\u00e9mentaires sur la faille ont \u00e9t\u00e9 retenus \u00e9tant donn\u00e9 que les versions de Mirth Connect remontant \u00e0 2015\/2016 se sont r\u00e9v\u00e9l\u00e9es vuln\u00e9rables au probl\u00e8me.<\/p>\n<p>Il convient de noter que CVE-2023-43208 est un contournement de correctif pour <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-37679\" target=\"_blank\">CVE-2023-37679<\/a> (score CVSS : 9,8), une vuln\u00e9rabilit\u00e9 critique d&#8217;ex\u00e9cution de commandes \u00e0 distance (RCE) dans le logiciel qui permet aux attaquants d&#8217;ex\u00e9cuter des commandes arbitraires sur le serveur d&#8217;h\u00e9bergement.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/1698319543_455_Une-faille-critique-dans-Mirth-Connect-de-NextGen-pourrait-exposer.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/1698319543_455_Une-faille-critique-dans-Mirth-Connect-de-NextGen-pourrait-exposer.jpg\" alt=\"Vuln\u00e9rabilit\u00e9\" border=\"0\" data-original-height=\"517\" data-original-width=\"728\" title=\"Vuln\u00e9rabilit\u00e9\"\/><\/a><\/div>\n<p>Alors que CVE-2023-37679 a \u00e9t\u00e9 d\u00e9crit par ses responsables comme affectant uniquement les serveurs ex\u00e9cutant Java 8, l&#8217;analyse d&#8217;Horizon3.ai a r\u00e9v\u00e9l\u00e9 que toutes les instances de Mirth Connect, quelle que soit la version de Java, \u00e9taient sensibles au probl\u00e8me.<\/p>\n<p>Compte tenu de la facilit\u00e9 avec laquelle la vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e de mani\u00e8re triviale, coupl\u00e9e au fait que les m\u00e9thodes d&#8217;exploitation sont bien connues, il est recommand\u00e9 de mettre \u00e0 jour Mirth Connect, en particulier ceux qui sont accessibles au public sur Internet, vers la version 4.4.1 d\u00e8s que possible pour att\u00e9nuer les menaces potentielles.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/10\/critical-flaw-in-nextgens-mirth-connect.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80226 octobre 2023\ue804R\u00e9dactionVuln\u00e9rabilit\u00e9 \/ S\u00e9curit\u00e9 du r\u00e9seau Les utilisateurs de Joie de se connecterune plate-forme d&#8217;int\u00e9gration de donn\u00e9es open source de NextGen HealthCare, est invit\u00e9e \u00e0 mettre \u00e0 jour vers la derni\u00e8re version suite \u00e0 la d\u00e9couverte d&#8217;une vuln\u00e9rabilit\u00e9 d&#8217;ex\u00e9cution de code \u00e0 distance non authentifi\u00e9e. Suivi comme CVE-2023-43208la vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans version [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":987995,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,4168,115943,22,4165,4161,200267,429,1343,42040,9048,4159,4171,65,200271,211198,200268,53671,200269,200270,2102,34,128318,4172,4169,196,4166,4164],"class_list":["post-987994","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-comment-pirater","tag-connect","tag-critique","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-dans","tag-donnees","tag-exposer","tag-faille","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-les","tag-logiciel-malveillant-rancongiciel","tag-mirth","tag-mises-a-jour-sur-la-cybersecurite","tag-nextgen","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-pourrait","tag-sante","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-une","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/987994","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=987994"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/987994\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/987995"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=987994"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=987994"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=987994"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}