The following enhancements and improvements are now available to Censys ASM and Search customers.
Rapid Response
The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:
- PoC Exploit Available for Mitel MiCollab VoIP Platform [CVE-2024-35286, CVE-2024-41713, CVE-2024-55550]
  - Use the following queries to map Mitel services. Not all of these are necessarily vulnerable, as specific version information may not be available.
    - Censys Search query
    - Censys ASM query
- Cleopocalypse: 70% of Cleo File Transfer Exposures may be Vulnerable to Unauthenticated RCE [CVE-2024-55956]
  - Use the following queries to map Cleo services. Not all of these are necessarily vulnerable, as specific version information may not be available.
    - Censys Search query
    - Censys ASM query
    - Censys ASM risk query
- Actively Exploited Flaw in Apache Struts File Upload Logic [CVE-2024-53677]
  - Use the following queries to identify Struts services. Not all of these are necessarily vulnerable, as specific version information may not be available.
    - Censys Search query
    - Censys ASM query
  - Additionally, this query can be used as a strong indicator of Apache Struts. However, it has a lower confidence level than the query above and requires further investigation on the host to confirm that Struts is in use.
New Fingerprints
Added the following fingerprints:
| Type | Name | Description | Query |
|---|---|---|---|
| software | Apache Struts | This is an Apache Struts service. | |
| software | Mitel MiCollab | This is a Mitel MiCollab service. | Search Query |