CyberSec.Space Logo
Back to CVE Browser

CVE-2017-11743

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0930%
EPSS Percentile4.79th
PublishedJul 31, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to intercept sensitive patient information. The admin account password is hard-coded as $K8t1ng throughout the application, and is the same across all installations. Customers do not have the option to change the Mirth Connect admin account password. The Mirth Connect admin account is created during the Connex install. The plaintext account password is hard-coded multiple times in the Connex install and update scripts.

Affected Platforms (CPE)

πŸ“¦
Medhost

Connex

All versions

References & Advisories

πŸ”— http://seclists.org/fulldisclosure/2017/Jul/75
πŸ”— http://www.securityfocus.com/bid/100086
πŸ”— http://seclists.org/fulldisclosure/2017/Jul/75
πŸ”— http://www.securityfocus.com/bid/100086

Related Vulnerabilities

CVE-2017-116149.8

MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-...

CVE-2021-274109.8

The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welc...

CVE-2021-274087.5

The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code executi...

CVE-2017-514510.0

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. S...