CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-11743

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0930%
EPSS Percentile4.79th
Published2017年7月31日
Last Modified2026年5月13日

Vulnerability Description

MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to intercept sensitive patient information. The admin account password is hard-coded as $K8t1ng throughout the application, and is the same across all installations. Customers do not have the option to change the Mirth Connect admin account password. The Mirth Connect admin account is created during the Connex install. The plaintext account password is hard-coded multiple times in the Connex install and update scripts.

Affected Platforms (CPE)

📦
Medhost

Connex

All versions

References & Advisories

🔗 http://seclists.org/fulldisclosure/2017/Jul/75
🔗 http://www.securityfocus.com/bid/100086
🔗 http://seclists.org/fulldisclosure/2017/Jul/75
🔗 http://www.securityfocus.com/bid/100086

関連する脆弱性情報

CVE-2017-116149.8

MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-...

CVE-2021-274109.8

The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welc...

CVE-2021-274087.5

The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code executi...

CVE-2017-796410.0

Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote att...