The following enhancements and improvements are now available to Censys ASM and Search customers.
Censys ASM
- Restored the ability to add comments to risks after accepting them or changing the default severity level on risk instance pages for non-CVE risks in the ASM console.
Rapid Response
The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities:
- Critical Missing Authentication Bug in PAN Expedition could lead to Stolen Network Secrets [CVE-2024-5910]
- Cross-Site Scripting Vulnerability in pfSense [CVE-2024-46538]
  - The following queries will return exposed pfSense Web Portal instances, though not all are necessarily vulnerable.
  - Censys Search query
  - Censys ASM query
- Windows KDC Proxy Remote Code Execution Vulnerability [CVE-2024-43639]
  - Note that displayed devices are only vulnerable when configured as a Kerberos KDC Proxy Protocol server.
  - Censys Search query
  - Censys ASM query
- Active Exploitation of Critical RCE in Palo Alto Networks PAN-OS [CVE-2024-0012 and CVE-2024-9474]
  - The following queries will return Palo Alto management interfaces regardless of PAN-OS version.
  - Censys Search query
  - Censys ASM query