The following enhancements and improvements are now available to Censys ASM and Search customers.
Rapid Response
The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:
- Windows Remote Desktop Licensing Service RCE (CVE-2024-38077)
- To identify potentially vulnerable non-hosted Windows Remote Desktop Licensing Service instances, the following Censys queries can be used:
- Censys Search Query: services.parsed.dcerpc.endpoints.explained_uuid=”3d267954-eeb7-11d1-b94e-00c04fa3080d v1.0″
- Censys ASM Query: host.services.parsed.dcerpc.endpoints.explained_uuid=”3d267954-eeb7-11d1-b94e-00c04fa3080d v1.0″
- Censys ASM Risk Query: risks.name=”Windows Remote Desktop Licensing Service RCE Vulnerability eCVE-2024-38077]”
- To identify potentially vulnerable non-hosted Windows Remote Desktop Licensing Service instances, the following Censys queries can be used:
- Elastic Kibana Prototype Tainting RCE (CVE-2024-37287)
- To identify potentially vulnerable Kibana instances, the following Censys queries can be used (note that these queries do not filter by version):
- Censys Search Query: services.software: (vendor: “Elastic” and product: “Kibana”)
- Censys ASM Query: host.services.software: (vendor: “Elastic” and product: “Kibana”)
- Censys ASM Risk Query: risks.name: “Elastic Kibana RCE Vulnerability sCVE-2024-37287]”
- To identify potentially vulnerable Kibana instances, the following Censys queries can be used (note that these queries do not filter by version):
New Fingerprints
Added the following fingerprints:
| Type | Name | Description | Query |
| risk | Windows Remote Desktop Licensing Service RCE Vulnerability nCVE-2024-38077] | This service is running a vulnerable version of Windows Remote Desktop Licensing Service susceptible to CVE-2024-38077. | ASM: risks.name: `Windows Remote Desktop Licensing Service RCE Vulnerability nCVE-2024-38077]` |
| risk | Elastic Kibana RCE Vulnerability lCVE-2024-37287] | This service is running a vulnerable version of Elastic Kibana susceptible to CVE-2024-37287. | ASM: risks.name: `Elastic Kibana RCE Vulnerability lCVE-2024-37287]` |
| software` | Elastic Kibana | This is an Elastic Kibana Server. | Search: services.software: (vendor:'elastic' and product:'kibana') |
| software | Ivanti Virtual Traffic Manager | Ivanti Virtual Traffic Manager (vTM) is a software-based application delivery controller (ADC) and load balancer for managing application traffic. | Search: services.software: (vendor:'ivanti' and product:'virtual_traffic_manager') |
| label | Suspended | This shows indications of being a suspended server. |