Query Details

Detect CVE-2024-31497

Query

// Detect CVE-2024-31497
//  https://www.linkedin.com/posts/activity-7185927077483708416-qNtB/

// To check if you have a 521-bit ECDSA key in PuTTY, you can use the following command in the PuTTY terminal (Look for ecdsa-sha2-nistp521)
// ssh-keygen -l -f ~/.ssh/id_ecdsa

// KQL to check for impacted PuTTY installations.

DeviceTvmSoftwareInventory
| where SoftwareName contains "putty"
| where SoftwareVersion contains "0.68" or SoftwareVersion contains "0.69" or SoftwareVersion contains "0.70"
    or SoftwareVersion contains "0.71" or SoftwareVersion contains "0.72" or SoftwareVersion contains "0.73"
    or SoftwareVersion contains "0.74" or SoftwareVersion contains "0.75" or SoftwareVersion contains "0.76"
    or SoftwareVersion contains "0.77" or SoftwareVersion contains "0.78" or SoftwareVersion contains "0.79"
    or SoftwareVersion contains "0.80"

Explanation

This KQL (Kusto Query Language) query is designed to detect installations of PuTTY software that might be impacted by the CVE-2024-31497 vulnerability. Here's a simple summary of what the query does:

  1. Source Table: It looks at the DeviceTvmSoftwareInventory table, which contains information about software installed on devices.
  2. Filter by Software Name: It filters the records to find entries where the software name contains "putty".
  3. Filter by Software Version: It further filters these entries to find specific versions of PuTTY that are potentially vulnerable. The versions it checks for are 0.68 through 0.80.

In essence, this query helps identify devices that have specific versions of PuTTY installed, which might be at risk due to the mentioned vulnerability.
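The version filter in step 3 is a substring test, so it is worth seeing how it behaves next to a numeric range check. The following is an added example, not part of the original query: it runs both tests over constructed sample rows so the difference is visible without tenant data. The `SampleInventory` table, the device names and the four-part version strings are assumptions made for illustration.

```kql
// Added example. SampleInventory is a constructed stand-in for
// DeviceTvmSoftwareInventory; device names and version strings are made up.
// Assumption: SoftwareVersion holds dotted numeric strings such as "0.80.0.0".
let SampleInventory = datatable(DeviceName:string, SoftwareName:string, SoftwareVersion:string)
[
    "wks-01", "putty", "0.67.0.0",    // below the 0.68 to 0.80 range
    "wks-02", "putty", "0.70.0.0",    // inside the range
    "wks-03", "putty", "0.80.0.0",    // upper edge of the range
    "wks-04", "putty", "0.81.0.0",    // above the range
    "wks-05", "putty", "0.81.0.70",   // above the range, but the text contains "0.70"
    "wks-06", "putty", ""             // version not reported
];
SampleInventory
| where SoftwareName contains "putty"
// Substring test equivalent to the chain of contains "0.68" ... contains "0.80".
| extend SubstringMatch = SoftwareVersion matches regex @"0\.(6[89]|7[0-9]|80)"
// Numeric test: parse_version() treats missing parts as zero, so "0.68" is 0.68.0.0,
// and it returns null for text it cannot parse (the empty version on wks-06).
| extend Parsed = parse_version(SoftwareVersion)
| extend RangeMatch = isnotnull(Parsed)
    and Parsed >= parse_version("0.68")
    and Parsed < parse_version("0.81")
| project DeviceName, SoftwareVersion, SubstringMatch, RangeMatch
| order by DeviceName asc
```

Rows where the two columns disagree are the ones to review by hand before treating a device as affected or clean.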

Details


Steven Lim

Released: August 2, 2024

Tables

DeviceTvmSoftwareInventory

Keywords

Devices

Operators

| where contains or
