See all of our release notes and learn about helpful features
The following enhancements and improvements are now available to Censys ASM and Search customers.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities.

GFI KerioControl Susceptible to 1-Click RCE Vulnerability [CVE-2024-52875]
Use the following queries to find GFI KerioControl firewalls. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Censys Search query
- Censys ASM query

Actively Exploited Unauthenticated RCE in Ivanti Connect Secure [CVE-2025-0282]
Use the following queries to find exposed Ivanti Connect Secure instances. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Censys Search query
- Censys ASM query
- Censys ASM risk query

Oracle WebLogic Vulnerability Added to CISA KEV [CVE-2020-2883]
Use the following queries to find Oracle WebLogic servers. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Censys Search query
- Censys ASM query
- Censys ASM risk query

New Protocols

Added support for the following protocols.

Protocol | Description | Query
EZVIZ | Used for EZVIZ smart home cameras. | Search Query
ADB (Android Debug Bridge) | The communication protocol used by the Android Debug Bridge tool. | Search Query
GIT | The protocol used to transfer data between a GIT client and server. | Search Query
SNPP (Simple Network Paging Protocol) | Used for sending and receiving paging messages. | Search Query
RSH | A legacy protocol used to execute commands on a remote host. | Search Query

New Fingerprints

Added the following fingerprints.

Type | Name | Description | Query
software | Oracle WebLogic | This is an Oracle WebLogic Server. | Search Query
software | Ivanti | This web service was built or is owned by Ivanti. | Search Query
risk | Vulnerable Oracle WebLogic Server [CVE-2020-2883] | This Oracle WebLogic Server is vulnerable to CVE-2020-2883. | ASM Query
risk | Vulnerable Ivanti Connect Secure Application [CVE-2025-0282 & CVE-2025-0283] | This Ivanti Connect Secure (before 22.7R2.5) application is vulnerable to CVE-2025-0282 & CVE-2025-0283. | ASM Query
The following enhancements and improvements are now available to Censys ASM and Search customers.

Censys ASM

Use our new Wiz integration to ingest your cloud resources into Censys ASM and ensure that your inventory is always up to date. Cloud resources sourced from Wiz will be added to your attack surface inventory for easy investigation and prioritization. Currently, only hosts and web entities can be brought in from Wiz. Support for storage buckets will be added shortly. Learn more about how to use this integration in this video.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

Actively Exploited Vulnerability in BeyondTrust Products [CVE-2024-12356]
Use the following queries to map BeyondTrust products. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Censys Search query
- Censys ASM query

Actively Exploited Vulnerability in Palo Alto Networks PAN-OS [CVE-2024-3393]
Use the following queries to identify Palo Alto PAN-OS products. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Censys Search query
- Censys ASM query

New Fingerprints

Added the following fingerprints:

Type | Name | Description | Query
software | BeyondTrust Remote Support | This is a device running BeyondTrust Remote Support software. | Search Query
software | BeyondTrust Privileged Remote Access | This is a device running BeyondTrust Privileged Remote Access software. | Search Query
The following enhancements and improvements are now available to Censys ASM and Search customers.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

Max Severity Vulnerability in Ivanti Cloud Services Appliance [CVE-2024-11639]
Use the following queries to map Ivanti Cloud Services Appliances. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Censys Search query
- Censys ASM query

Critical Vulnerabilities in Sophos Firewalls [CVE-2024-12727, CVE-2024-12728, & CVE-2024-12729]
Use the following queries to identify Sophos Firewalls. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Censys Search query
- Censys ASM query
The following enhancements and improvements are now available to Censys ASM and Search customers.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

PoC Exploit Available for Mitel MiCollab VoIP Platform [CVE-2024-35286, CVE-2024-41713, CVE-2024-55550]
Use the following queries to map Mitel services. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Censys Search query
- Censys ASM query

Cleopocalypse: 70% of Cleo File Transfer Exposures may be Vulnerable to Unauthenticated RCE [CVE-2024-55956]
Use the following queries to map Cleo services. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Censys Search query
- Censys ASM query
- Censys ASM risk query

Actively Exploited Flaw in Apache Struts File Upload Logic [CVE-2024-53677]
Use the following queries to identify Struts services. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Censys Search query
- Censys ASM query
Additionally, this query can be used as a strong indicator of Apache Struts. However, it has a lower confidence level than the query above and requires further investigation on the host to confirm that Struts is in use.

New Fingerprints

Added the following fingerprints:

Type | Name | Description | Query
software | Apache Struts | This is an Apache Struts service. | Search Query
software | Mitel MiCollab | This is a Mitel MiCollab service. | Search Query
The following enhancements and improvements are now available to Censys ASM and Search customers.

Censys ASM

Added a card for Axonius to the Integrations Marketplace in the ASM console. This integration is developed and maintained by Axonius.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

Unrestricted File Upload Vulnerability in Multiple Cleo File Transfer Products [CVE-2024-50623]
- Censys Search query
- Censys ASM query
- Censys ASM risk query

Veeam Service Provider Console RCE [CVE-2024-42448]
Use the following queries to map Veeam Service Provider Consoles. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Censys Search query
- Censys ASM query

New Fingerprints

Added the following fingerprints:

Type | Name | Description | Query
risk | Vulnerable Cleo Instance [CVE-2024-50623] | This service is running a vulnerable version of Cleo Harmony, VLTrader, and LexiCom that is affected by unauthenticated remote code execution vulnerability CVE-2024-50623. | ASM Query
software | Cleo Harmony | This is a Cleo Harmony Managed File Transfer server. | Search Query
software | Fortinet FortiAIOps | This is a Fortinet FortiAIOps server. FortiAIOps simplifies LAN and WAN network management and leverages artificial intelligence with machine learning for enhanced network operations. | Search Query
software | Cleo VLTrader | This is a Cleo VLTrader Managed File Transfer server. | Search Query
software | Cleo LexiCom | This is a Cleo LexiCom Managed File Transfer server. | Search Query
The following enhancements and improvements are now available to Censys ASM and Search customers.

Censys ASM

Implemented several improvements to the saved query automation UI in the ASM console:
- The number of results returned for a saved query is now displayed on its entry in the saved query menu.
- A warning is now displayed next to a saved query entry in the saved query menu if it is nearing or exceeding 40,000 results. Saved query automation cannot be enabled for saved queries that exceed 40,000 results.
- Updated the icons for automation configuration status in the saved query menu.

Added the word “Resources” next to the question mark icon in the top right corner of the ASM console.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

Actively Exploited RCE Vulnerability in ProjectSend [CVE-2024-11680]
Use the following queries to map ProjectSend services. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Censys Search query
- Censys ASM query

RCE Vulnerability in Progress WhatsUp Gold [CVE-2024-8785]
Use the following queries to map WhatsUp Gold services. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Censys Search query
- Censys ASM query

New Protocols

Added support for the following protocols:
- FreeSWITCH
The following enhancements and improvements are now available to Censys ASM and Search customers.

Censys Search

Use the new Censeye tool to discover useful pivots in Censys host data and crawl related hosts using data from those discoveries. Censeye is designed to help you identify hosts with characteristics similar to a given target. For instance, if you come across a suspicious host, the tool enables you to determine the most effective Censys search terms for discovering related infrastructure. Learn more about Censeye and how to use it in this blog post.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

Actively Exploited RCE Vulnerability in Array Networks VPNs [CVE-2023-28461]
Use the following queries to map Array Networks AG/vxAG Series VPN devices. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Censys Search query
- Censys ASM query
The following enhancements and improvements are now available to Censys ASM and Search customers.

Censys ASM

See our new Google Security Operations integration in action in this video.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

VMware vCenter Server Vulnerabilities Actively Exploited [CVE-2024-38812, CVE-2024-38813]
Use the following queries to see all exposed vCenter services. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Censys Search query
- Censys ASM query

Apache Traffic Server Vulnerabilities [CVE-2024-38479, CVE-2024-50305, CVE-2024-50306]
Use the following queries to see all exposed Apache Traffic Server services. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Censys Search query
- Censys ASM query

New Fingerprints

Added the following fingerprints:

Type | Name | Description | Query
risk | Vulnerable Apache Traffic Server [CVE-2024-50306] | This is a service running a version of Apache Traffic Server that is vulnerable to CVE-2024-50306, a privilege escalation on startup vulnerability that may allow attackers to retain elevated privileges during startup. | ASM Query
software | Apache Traffic Server | This is an Apache Traffic Server. | Search Query
The Censys connector for Google Security Operations (SecOps) enables you to send Censys-discovered assets and their risks straight to SecOps. This allows you to conduct logging, reporting, and correlation on your Censys data from a central location to simplify your security workflows.

This integration is available to Censys ASM Advanced and Enterprise customers.

The video below shows you how to quickly set up the integration and walks through a few example queries. Learn more in the documentation.
The following enhancements and improvements are now available to Censys ASM and Search customers.

Censys ASM

Restored the ability to add comments to risks after accepting them or changing the default severity level on risk instance pages for non-CVE risks in the ASM console.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

Critical Missing Authentication Bug in PAN Expedition could lead to Stolen Network Secrets [CVE-2024-5910]

Cross-Site Scripting Vulnerability in pfSense [CVE-2024-46538]
The following queries will return exposed pfSense Web Portal instances, though not all are necessarily vulnerable.
- Censys Search query
- Censys ASM query

Windows KDC Proxy Remote Code Execution Vulnerability [CVE-2024-43639]
Note that displayed devices are only vulnerable when configured as a Kerberos KDC Proxy Protocol server.
- Censys Search query
- Censys ASM query

Active Exploitation of Critical RCE in Palo Alto Networks PAN-OS [CVE-2024-0012 and CVE-2024-9474]
The following queries will return Palo Alto management interfaces regardless of PAN-OS version.
- Censys Search query
- Censys ASM query
The following enhancements and improvements are now available to Censys ASM and Search customers.

Censys ASM

- Fixed several bugs impacting the displayed risk count in the ASM console. The Overview dashboard, Trends & Benchmarks dashboard widgets, and Asset Inventory now display the correct risk count. You may see a drop in active risks on the Trends & Benchmarks dashboard. This is expected, as Censys is changing how this dashboard is calculating risks.
- On the Risk Instances page in the ASM console, the port, service name, and risk change history are now displayed in the expanded risk display.

Updates to end-of-life software versions in ASM

The end-of-life (EOL) versions for existing risks associated with the following software in ASM have been updated to reflect their most up-to-date EOL versions. The following table provides a complete list of affected software.

Software | EOL Versions
MySQL | Versions 5.7 and below, between 8.1 and 8.3, and between 9.0.0 and 9.0.1 are considered end of life.
PostgreSQL | Versions 12.2 and below are considered end of life.
MariaDB | Versions below 10.3, between 10.7.0 and 10.10.7, and between 11.0.0 and 11.3.2 are considered end of life.
MSSQL | Versions 12.0.6449 and below are considered end of life.
Elasticsearch | Versions below 7.17 are considered end of life.
Kubernetes | Versions 1.29.9 and below are considered end of life.
Redis | Versions below 6.2, and between 7.0 and 7.2 are considered end of life.
Python | Versions below 3.9 are considered end of life.
Exim | Versions below 4.98 are considered end of life.
Apache Traffic | Versions below 10.0 are considered end of life.
Microsoft IIS | Versions below 10.0 are considered end of life.
PHP | Versions below 8.1.0 are considered end of life.
OpenSSL | Versions below 3.0.0 are considered end of life.
Nginx | Versions below 1.26 are considered end of life.
Red Hat JBoss EAP | Versions below 7.0 are considered end of life.
ASUS Routers | Added support to identify over 270 end of life ASUS routers.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

Linear eMerge OS Command Injection [CVE-2024-9441]
- Censys Search query
- Censys ASM query

Microsoft SharePoint Vulnerabilities [CVE-2024-38094 and Others]
- Censys Search query
- Censys ASM query

CyberPanel Command Injection Vulnerabilities [CVE-2024-51567, CVE-2024-51568]
- Censys Search query
- Censys ASM query

New Fingerprints

Added or updated the following fingerprints:

Type | Name | Description | Query
software | ZFile | This is a ZFile Server. | Search Query
The following enhancements and improvements are now available to Censys ASM and Search customers.

Censys ASM

Send Censys-discovered assets and their risks to Google Security Operations (SecOps) using our new integration. Conduct logging, reporting, and correlation on your Censys data from a central location to simplify your security workflows.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

CyberPanel RCE Leveraged for Ransomware [CVE-2024-51378]
- Censys Search query
- Censys ASM query

New Fingerprints

Added the following fingerprints:

Type | Name | Description | Query
software | Reverse_SSH Server | This is a reverse_ssh server. | Search Query
The following enhancements and improvements are now available to Censys ASM and Search customers.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

Zero day in Fortinet FortiManager seeing Active Exploitation [CVE-2024-47575]
To identify all exposed FortiManager instances regardless of version, the following Censys queries can be used:
Censys Search Query: services.software: (vendor="Fortinet" and product="FortiManager")
Censys ASM Query: host.services.software: (vendor="Fortinet" and product="FortiManager") or web_entity.instances.software: (vendor="Fortinet" and product="FortiManager")

New Fingerprints

Added the following fingerprints:

Type | Name | Description | Query
software | ScienceLogic SL1 | This is a ScienceLogic SL1 Server. | Search Query
The following enhancements and improvements are now available to Censys ASM and Search customers.

New Fingerprints

Added the following fingerprints:

Type | Name | Description | Query
software | Linear eMerge | This is a Linear eMerge Device. | Search Query
software | PolarSSL | This is a PolarSSL Server. | Search Query
software | PTZOptics Camera | This is a PTZOptics Camera Device. | Search Query
The following enhancements and improvements are now available to Censys ASM and Search customers.

Censys ASM

- Added a “Resources” dropdown menu to the top navigation bar in the ASM web interface. Some links, like API Documentation and Censys Academy, were moved from the user profile menu to the Resources menu. The Resources menu now features a link to the Censys Community.
- Added an “accepted” status to risks that are sent to Splunk via our integration. This enables you to filter out risks that have been accepted, as well as track exclusions in one place instead of two. Additionally, default dashboards and searches have been updated to include web entity risks.
- Fixed an issue that allowed users with the Member role to access Integrations in the ASM web interface. Now, only users with the Manager role can see Integrations.

New Fingerprints

Added the following fingerprints:

Type | Name | Description | Query
software | Mana Ouma Botnet | This is a Mana Ouma Botnet Server. | Search Query
software | Matryosh Botnet | This is a Matryosh Botnet Server. | Search Query
The following enhancements and improvements are now available to Censys ASM and Search customers.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

14 Bugs in DrayTek Vigor Routers Disclosed: Admin Interfaces Widely Exposed Across Major ISPs [CVE-2024-41592]
Censys Search query: services: (http.response.status_code=200 and http.request.uri:"/weblogin.htm" and (http.response.html_title:"Vigor" or http.response.favicons.md5_hash="208b1c5af9e2cc7d46e3ec5bf4d12001"))
Censys ASM query: host.services: (http.response.status_code=200 and http.request.uri:"/weblogin.htm" and (http.response.html_title:"Vigor" or http.response.favicons.md5_hash="208b1c5af9e2cc7d46e3ec5bf4d12001")) or web_entity.instances: (http.response.status_code=200 and http.request.uri:"/weblogin.htm" and (http.response.html_title:"Vigor" or http.response.favicons.md5_hash="208b1c5af9e2cc7d46e3ec5bf4d12001"))
Censys ASM risk query: risks.name="Exposed DrayTek Vigor Router"

New Protocols

Added support for the following protocols:
- RLOGIN
- NTRIP
- PGBOUNCER
- WS_DISCOVERY

New Fingerprints

Added or updated the following fingerprints:

Type | Name | Description | Query
software | DrayTek VigorConnect Admin Page | This is a DrayTek VigorConnect admin page. | Search Query
software | DrayTek Vigor Router | This is a DrayTek Vigor Router. | Search Query
risk | Exposed DrayTek Vigor Router | The affected service exposes a DrayTek Vigor router administration interface. This web application can be used to modify router configurations, which makes it a target. | ASM Query
The following enhancements and improvements are now available to Censys ASM and Search customers.

Rapid Response

The Censys Rapid Response team published information about the following issue:

Vulnerabilities in the Common Unix Printing Service (CUPS)

New Fingerprints

Added the following fingerprints:

Type | Name | Description | Query
label | Suspicious Open Directory | This shows indications of being a Suspicious Open Directory. | Search Query
software | Butterfly Network Ultrasound | Butterfly Network Ultrasound is a portable, handheld ultrasound device that connects to a smartphone or tablet. | Search Query
software | Stryker Medical Device | This is a Stryker Medical Device. | Search Query
CVE risks in Censys ASM help you identify software vulnerabilities in your attack surface and understand how critical and exploitable they are, enabling you to respond to the most important risks in your attack surface first and avoid chasing low-risk issues.

CVE risks feature CVE data, KEV information, and CVSS scores along with first seen and last seen dates to make it easy for you to evaluate risks at a glance. This information is highlighted in your risk instances page in the ASM web interface as well as on individual risk detail pages on your inventory assets.

You have complete control over the criteria used to surface CVE risks in your workspace: you can restrict CVE risks to only those that have been scored as critical, that utilize specific attack vectors, and are present in the KEV catalog. By default, only CVE risks that have been scored high to critical, use network attack vectors, or are present in the KEV catalog will be shown in your attack surface.

Learn more about how to use CVE risks in ASM with the following resources:
- This short lesson in the Censys Academy
- Our documentation
- Or in the brief video embedded below

If you have any questions about CVE risks, let us know! We recommend working with your customer success manager to ensure that you get the best results out of CVE risks.
The following enhancements and improvements are now available to Censys ASM and Search customers.

Censys ASM

Use CVE (Common Vulnerabilities and Exposures) risks in Censys ASM to identify software vulnerabilities in your attack surface and understand how critical and exploitable they are, enabling you to respond to the most important risks in your attack surface first and avoid chasing low-risk issues.

This release adds over 5,000 CVE risks to the ASM risk library. Each CVE risk includes Known Exploited Vulnerability (KEV) information, Common Vulnerability Scoring System (CVSS) scores, and attack vector indicators. When a new CVE is cataloged by the National Vulnerability Database (NVD), it becomes discoverable in Censys ASM alongside its CVSS score within 24 hours.

You can adjust the criteria for surfacing CVE risks in your ASM workspace. By default, only CVEs that meet the following criteria are included:
- CVSS score High to Critical
- Present in KEV catalog
- Network Attack Vector

CVE risks are available to all ASM customers. Learn more about CVE risks in ASM in the following video.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

Advisory: VMware vCenter DCERPC Heap-Overflow RCE [CVE-2024-38812]
To identify potentially vulnerable vCenter instances, the following Censys queries can be used:
Censys Search query: services.software: (vendor: VMware and product: vCenter)
Censys ASM query: host.services.software: (vendor: VMware and product: vCenter)

Ivanti Cloud Services Appliance (CSA) Unauthenticated Remote Code Execution Vulnerability [CVE-2024-8963 and CVE-2024-8190]
To identify exposed Ivanti Cloud Services Appliance instances, the following Censys queries can be used:
Censys Search query: services.http.response.html_title=`Ivanti(R) Cloud Services Appliance`
Censys ASM query: host.services.http.response.html_title=`Ivanti(R) Cloud Services Appliance` or web_entity.instances.http.response.html_title=`Ivanti(R) Cloud Services Appliance`

New Protocols

Added support for the following protocols:
- Expanded detection of Murmur/Mumble servers
  - MURMUR Servers (new)
  - MURMUR Tunnels (existing)

New Fingerprints

Added the following fingerprints:

Type | Name | Description | Query
software | AutoGPT | This is an AutoGPT Server. | Search Query
software | Ivanti Cloud Services Appliance | This is an Ivanti Cloud Services Appliance Server. | Search Query
software | Scope Sentry | This is a Scope Sentry Server. | Search Query
software | VMware vSphere | This is a VMware vSphere Server. | Search Query
The following enhancements and improvements are now available to Censys ASM and Search customers.

Censys ASM

Added support for scanning AWS Transfer Family resources to our AWS Cloud Connector.

New Protocols

Added support for the following protocols:
- CMORE_HMI
- RTSP
- MDNS

New Fingerprints

Added the following fingerprints:

Type | Name | Description | Query
software | Dignity Health PACS | Dignity Health sites for managing and accessing PACS systems through browser-based access. | Search Query
software | PacsGear by Hyland | PacsGear by Hyland is a medical imaging software solution for managing and accessing PACS systems through browser-based access. | Search Query
software | PICOM365 | This is a cloud PACS service. PICOM365 delivers automated, scalable, secure diagnostic imaging workflow and data exchange. | Search Query
software | Ligolo | This is a Ligolo Server. | Search Query
software | OpenCVE | This is an OpenCVE Server. | Search Query
software | XRay | This is an XRay Server. | Search Query
software | VueTorrent | This is a VueTorrent Server. | Search Query
The following enhancements and improvements are now available to Censys ASM and Search customers.

Censys ASM

Accepted risk events now appear in the Microsoft Sentinel risk table via our integration. This enables you to manage a single list of accepted risks in Microsoft Sentinel, instead of two separate lists.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

Unauthenticated RCE in Veeam Backup & Replication [CVE-2024-40711]
To identify all exposed Veeam Backup & Replication servers, the following Censys queries can be used:
Censys Search Query: services.software: (vendor: "Veeam" and product: "Backup Server") and not labels: {tarpit, honeypot, truncated}
Censys ASM Query: host.services.software: (vendor: "Veeam" and product: "Backup Server") or web_entity.instances.software: (vendor: "Veeam" and product: "Backup Server")

Mirai Botnet Variant Targeting Unpatchable AVTECH CCTV Camera Command Injection Vulnerability [CVE-2024-7029]
To identify exposed AVTECH cameras, the following Censys queries can be used:
Censys Search Query: services.http.response.body:{`/avtech/jpg/left.jpg`, `href="/avtech/favicon.ico"`} or services.http.response.headers: (key: `Server` and value.headers: `Linux/2.x UPnP/1.0 Avtech/1.0`)
Censys ASM Query: host.services: (software.vendor:"AVTECH" AND software.product:"IP Camera")

New Fingerprints

Added the following fingerprints:

Type | Name | Description | Query
software | AVTECH IP Camera | This is an AVTECH IP camera for video surveillance. It's designed for integration into existing networks and provides real-time monitoring. | Search Query
software | SpiderFlow | This is a SpiderFlow Server. | Search Query
The following enhancements and improvements are now available to Censys ASM and Search customers.

Censys Search

Quickly identify vulnerable hosts and exposures using the following enhancements for CVE Context in the Censys Search UI:
- Filters in search results: Filter by CVE ID, CVSS Scores, and CISA’s KEV catalog in the left navigation panel.
- CVE count in host record preview: See the total number of CVEs for a host at a glance in the host record preview in search results.
- CVE tab and page on host records: View the total number of CVEs associated with a host record via the new CVEs tab. Click this tab to see detailed information about all CVEs detected on a host, sorted by CVSS score and KEV catalog status.

This added visibility in the Search web interface complements the CVE context that was already available in the raw data and via API. The CVE Context dataset is only available to customers who have purchased the add-on for this data. Contact your Censys account team to learn more about acquiring access to this dataset.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

Versa Director Dangerous File Type Upload Vulnerability [CVE-2024-39717]
To identify potentially all Versa Director instances (versions cannot be detected), the following Censys queries can be used:
Censys Search Query: services.software: (vendor: Versa and product: Director)
Censys ASM query: host.services.software: (vendor: Versa and product: Director) or web_entity.instances.software: (vendor: Versa and product: Director)

Progress WhatsUp Gold GetFileWithoutZip Unauthenticated RCE [CVE-2024-4885]
To identify potentially vulnerable Progress WhatsUp Gold instances (please note that not all instances advertise their versions), the following Censys queries can be used:
Censys Search Query: services.software: (vendor: "Progress" and product: "WhatsUp Gold")
Censys ASM query: host.services.software: (vendor: "Progress" and product: "WhatsUp Gold") or web_entity.instances.software: (vendor: "Progress" and product: "WhatsUp Gold")

Moodle Calculated Questions RCE [CVE-2024-43425]
To identify potentially vulnerable Moodle instances (the majority do not show their version), the following Censys queries can be used:
Censys Search Query: services.software.product: Moodle
Censys ASM Query: host.services.software.product: Moodle or web_entity.instances.software.product: Moodle
Censys ASM Risk Query: risks.name: "Moodle RCE Vulnerability [CVE-2024-43425]"

New Fingerprints

Added the following fingerprints:

Type | Name | Description | Query
software | 7777 Botnet | This is a 7777 Botnet victim. | Search Query
software | Cisco Smart Software Manager | This is a Cisco Smart Software Manager Server. | Search Query
software | EHR System Jade | Jade EHR system. | Search Query
software | Mediscan | Mediscan PACs service. | Search Query
software | mGuard | This is an mGuard Server. | Search Query
software | Moodle | This is a Moodle Server. | Search Query
software | Network Thermostat | This service provides access to a network thermostat. | Search Query
software | Progress WhatsUp Gold | This is a Progress WhatsUp Gold Server. | Search Query
software | Mobile Security Framework (MobSF) | This is a Mobile Security Framework (MobSF) Server. | Search Query
software | Versa Director | This is a Versa Director Server. | Search Query
software | Versa Analytics | This is a Versa Analytics Server. | Search Query
risk | Mobile Security Framework RCE Vulnerability [CVE-2024-43399] | This is a Mobile Security Framework instance vulnerable to an RCE exploit. | ASM Query
risk | Moodle RCE Vulnerability [CVE-2024-43425] | This is a Moodle instance vulnerable to an RCE exploit. | ASM Query
The following enhancements and improvements are now available to Censys ASM and Search customers.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

Microsoft Windows IPv6 TCP/IP RCE (CVE-2024-38063)
To identify potentially vulnerable non-hosted Windows systems for CVE-2024-38063, you can use the same Censys queries that were shared to track CVE-2024-38077:
Censys Search Query: services.parsed.dcerpc.endpoints.explained_uuid="3d267954-eeb7-11d1-b94e-00c04fa3080d v1.0"
Censys ASM Query: host.services.parsed.dcerpc.endpoints.explained_uuid="3d267954-eeb7-11d1-b94e-00c04fa3080d v1.0"
Censys ASM Risk Query: risks.name="Windows Remote Desktop Licensing Service RCE Vulnerability [CVE-2024-38077]"

New Fingerprints

Added the following fingerprints:

Type | Name | Description | Query
software | BrainBoxes Ethernet to Serial | This is a BrainBoxes Ethernet to Serial Device. | Search: services.software: (vendor='BrainBoxes' and product=`Ethernet to Serial`)
software | WatchGuard | This is a device running WatchGuard Fireware OS. | Search: services.software: (vendor:'Watchguard' and product:'FireWare')
software | WatchGuard Fireware XTM OS | This is a WatchGuard Firewall Device running the XTM OS. | Search: services.software: (vendor:'Watchguard' and product:'FireWare XTM')
software | WatchGuard Firewall Implied Device | This is an implied WatchGuard Firewall Device. | Search: services.software: (vendor='WatchGuard' and NOT product:*)
The following enhancements and improvements are now available to Censys ASM and Search customers.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

Windows Remote Desktop Licensing Service RCE (CVE-2024-38077)

To identify potentially vulnerable non-hosted Windows Remote Desktop Licensing Service instances, the following Censys queries can be used:

- Censys Search Query: services.parsed.dcerpc.endpoints.explained_uuid="3d267954-eeb7-11d1-b94e-00c04fa3080d v1.0"
- Censys ASM Query: host.services.parsed.dcerpc.endpoints.explained_uuid="3d267954-eeb7-11d1-b94e-00c04fa3080d v1.0"
- Censys ASM Risk Query: risks.name="Windows Remote Desktop Licensing Service RCE Vulnerability [CVE-2024-38077]"

Elastic Kibana Prototype Tainting RCE (CVE-2024-37287)

To identify potentially vulnerable Kibana instances, the following Censys queries can be used (note that these queries do not filter by version):

- Censys Search Query: services.software: (vendor: "Elastic" and product: "Kibana")
- Censys ASM Query: host.services.software: (vendor: "Elastic" and product: "Kibana")
- Censys ASM Risk Query: risks.name: "Elastic Kibana RCE Vulnerability [CVE-2024-37287]"

New Fingerprints

Added the following fingerprints:

| Type | Name | Description | Query |
|---|---|---|---|
| risk | Windows Remote Desktop Licensing Service RCE Vulnerability [CVE-2024-38077] | This service is running a vulnerable version of Windows Remote Desktop Licensing Service susceptible to CVE-2024-38077. | ASM: risks.name: `Windows Remote Desktop Licensing Service RCE Vulnerability [CVE-2024-38077]` |
| risk | Elastic Kibana RCE Vulnerability [CVE-2024-37287] | This service is running a vulnerable version of Elastic Kibana susceptible to CVE-2024-37287. | ASM: risks.name: `Elastic Kibana RCE Vulnerability [CVE-2024-37287]` |
| software | Elastic Kibana | This is an Elastic Kibana Server. | Search: services.software: (vendor:'elastic' and product:'kibana') |
| software | Ivanti Virtual Traffic Manager | Ivanti Virtual Traffic Manager (vTM) is a software-based application delivery controller (ADC) and load balancer for managing application traffic. | Search: services.software: (vendor:'ivanti' and product:'virtual_traffic_manager') |
| label | Suspended | This shows indications of being a suspended server. | labels: `suspended` |
The following enhancements and improvements are now available to Censys ASM and Search customers.

Censys ASM

- Updated the subject lines, visual styling, footers, and interactive components of email alerts sent from Censys ASM to provide a more consistent, descriptive, and accurate experience.
- Deployed an improvement to the domain lookup process to enhance the detection of domains associated with an organization’s attack surface.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:

The DigiCert DCV Bug: Implications and Industry Impact

- Censys ASM customers can identify services that are actively using an impacted certificate within their workspaces by querying for the new low severity risk named “Certificate Affected by DigiCert July 2024 Revocation Incident”.
- Users of our Search feature can find hosts with affected certificates by querying labels=digicert-revoked-dcv. To refine the results for your specific domains, adjust this query to filter on services.tls.certificates.leaf_data.names.

Jenkins arbitrary file read vulnerability through agent connections can lead to RCE (CVE-2024-43044)

- Censys Search Query for all exposed Jenkins instances: services.software: (product: jenkins and product: jenkins) Note that this does not pinpoint vulnerable versions.
- Censys ASM query for potentially vulnerable Jenkins: risks.name="Jenkins Vulnerability [CVE-2024-43044]"

New Protocols

Added support for the following protocols:

- SER2NET
- NBD
- WEBLOGIC_T3
- SPICE
- ONVIF
- HIKVISION

New Fingerprints

Added the following fingerprints:

| Type | Name | Description | ASM Query |
|---|---|---|---|
| risk | Certificate Affected by DigiCert July 2024 Revocation Incident | This service is using one or more DigiCert certificates impacted by the July 2024 DigiCert revocation incident. The issue stemmed from improper CNAME-based Domain Validation for certain certificates. These certificates are scheduled for revocation and may be marked as unsafe, which could lead to service interruptions or loss of trust. | risks.name: 'Certificate Affected by DigiCert July 2024 Revocation Incident' |
| risk | Jenkins Vulnerability [CVE-2024-43044] | Arbitrary file read vulnerability through agent connections can lead to RCE. | risks.name= 'Jenkins Vulnerability [CVE-2024-43044]' |