The following enhancements and improvements are now available to Censys ASM and Search customers.
Rapid Response
The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities.
- Qlik Sense RCE Vulnerability Added to CISA KEV [CVE-2023-48365]
  - Use the following queries to map Qlik Sense products. Not all of these are necessarily vulnerable, as specific version information may not be available.
    - Censys Search query
    - Censys ASM query
- Aviatrix Controller Vulnerability Exploited in the Wild [CVE-2024-50603]
  - Use the following queries to map Aviatrix Controller products. Not all of these are necessarily vulnerable, as specific version information may not be available.
    - Censys Search query
    - Censys ASM query
    - Censys ASM risk query
- Zero-Day Vulnerability in FortiOS and FortiProxy Added to CISA KEV [CVE-2024-55591]
  - Use the following queries to identify FortiOS and FortiProxy services. Not all of these are necessarily vulnerable, as specific version information may not be available.
    - Censys Search query
    - Censys ASM query
  - See this blog from the Censys Research Team for more information about this issue.
New Fingerprints
Added the following fingerprints.
| Type | Name | Description | Query |
| --- | --- | --- | --- |
| software | Qlik Sense | This is a Qlik Sense data analytics and visualization tool. | |
| software | Aviatrix Controller | This is an Aviatrix Controller service. | |
| software | Ivanti Endpoint Manager Mobile | This is an Ivanti Endpoint Manager Mobile service. | |
| software | Hytera SmartOne | This is a Hytera SmartOne service. | |
| risk | Vulnerable Aviatrix Controller Application [CVE-2024-50603] | This Aviatrix Controller Application is running an out-of-date version that is vulnerable to CVE-2024-50603, allowing an unauthenticated attacker to execute arbitrary code. | |