CVE-2022-39952
published 2023-02-16CVE-2022-39952: A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through…
PriorityP194critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEVInitial access
Exploited in the wild
EPSS
99.81%
100.0th percentile
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinac | — | — |
| fortinet | fortinac | — | — |
| fortinet | fortinac | — | — |
| fortinet | fortinac | 8.3.7 – 8.8.9 | — |
| fortinet | fortinac | 8.5.0 – 8.5.4 | — |
| fortinet | fortinac | 8.6.0 – 8.6.5 | — |
| fortinet | fortinac | 8.7.0 – 8.7.6 | — |
| fortinet | fortinac | 8.8.0 – 8.8.11 | — |
| fortinet | fortinac | >= 9.1.0 < 9.1.8 | 9.1.8 |
| fortinet | fortinac | 9.1.0 – 9.1.7 | — |
| fortinet | fortinac | >= 9.2.0 < 9.2.6 | 9.2.6 |
| fortinet | fortinac | 9.2.0 – 9.2.5 | — |
| fortinet | fortinac | >= 9.4.0 < 9.4.1 | 9.4.1 |
| fortinet | fortinet | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Honeypot and threat intelligence data confirmed active exploitation attempts against CVE-2022-39952 from multiple IPs starting February 21, 2023, shortly after a public PoC was released. ↗
- ·The vulnerable endpoint /configWizard/keyUpload.jsp requires no authentication, meaning exploitation is possible from any network-reachable attacker without credentials. ↗
- ·Fortinet notes that most FortiNAC deployments are in air-gapped environments not exposed to the internet, which limits the realistic attack surface despite high theoretical exposure counts. ↗
- ·A working public PoC was released shortly after the February 16, 2023 advisory, accelerating exploitation risk for unpatched systems. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4wjq-4wff-qw9c: A external control of file name or path in Fortinet FortiNAC versions 9
ghsa_unreviewed·2023-02-16
CVE-2022-39952 [CRITICAL] CWE-610 GHSA-4wjq-4wff-qw9c: A external control of file name or path in Fortinet FortiNAC versions 9
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
VulnCheck
Fortinet fortinac External Control of File Name or Path
vulncheck·2022·CVSS 9.8
CVE-2022-39952 [CRITICAL] Fortinet fortinac External Control of File Name or Path
Fortinet fortinac External Control of File Name or Path
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
Affected: Fortinet fortinac
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-recon-enterprise-applications-honeypot-unveiling-findings-from-six-worldwide-locations/; https://www.trendmicro.com/en_us/research
Fortinet
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8...
vendor_fortinet·2023-02-16·CVSS 9.8
CVE-2022-39952 [CRITICAL] CWE-668 A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8...
FG-IR-22-300: A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8...
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
CVEs: CVE-2022-39952
CWEs: CWE-668, CWE-73
CVSS: 9.8 (critical)
Affected products: FortiNAC, Fortinet
Suricata
ET EXPLOIT Fortinet FortiNAC - Observed POST .zip with Vulnerable Parameter (CVE-2022-39952)
suricata·2023-02-21·CVSS 9.8
CVE-2022-39952 [CRITICAL] ET EXPLOIT Fortinet FortiNAC - Observed POST .zip with Vulnerable Parameter (CVE-2022-39952)
ET EXPLOIT Fortinet FortiNAC - Observed POST .zip with Vulnerable Parameter (CVE-2022-39952)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Fortinet FortiNAC - Observed POST .zip with Vulnerable Parameter (CVE-2022-39952)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/configWizard/keyUpload.jsp"; fast_pattern; http.request_body; content:"name=|22|key|22 3b|"; content:"|0d 0a 0d 0a|PK"; reference:cve,2022-39952; classtype:attempted-admin; sid:2044270; rev:2; metadata:attack_target Server, created_at 2023_02_21, cve CVE_2022_39952, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, updated_at 2024_03_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T119
Metasploit
Fortinet FortiNAC keyUpload.jsp arbitrary file write
metasploit
Fortinet FortiNAC keyUpload.jsp arbitrary file write
Fortinet FortiNAC keyUpload.jsp arbitrary file write
This module uploads a payload to the /tmp directory in addition to a cron job to /etc/cron.d which executes the payload in the context of the root user. The core vulnerability is an arbitrary file write issue in /configWizard/keyUpload.jsp which is accessible remotely and without authentication. When you send the vulnerable endpoint a ZIP file, it will extract an attacker controlled file to a directory of the attackers choice on the target system. This issue is exploitable on the following versions of FortiNAC: FortiNAC version 9.4 prior to 9.4.1 FortiNAC version 9.2 prior to 9.2.6 FortiNAC version 9.1 prior to 9.1.8 FortiNAC 8.8 all versions FortiNAC 8.7 all versions FortiNAC 8.6 all versions FortiNAC 8.5 all versions FortiNAC 8.3 all
Nuclei
Fortinet FortiNAC - Arbitrary File Write
nuclei·CVSS 9.8
CVE-2022-39952 [CRITICAL] Fortinet FortiNAC - Arbitrary File Write
Fortinet FortiNAC - Arbitrary File Write
Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7.
Template:
id: CVE-2022-39952
info:
name: Fortinet FortiNAC - Arbitrary File Write
author: dwisiswant0
severity: critical
description: |
Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute u
Fortinet
The Importance of Patching: An Analysis of the Exploitation of N-Day Vulnerabilities | Fortinet Blog
blogs_fortinet·2024-02-07·CVSS 9.8
[CRITICAL] The Importance of Patching: An Analysis of the Exploitation of N-Day Vulnerabilities | Fortinet Blog
PSIRT BLOGS
The Importance of Patching: An Analysis of the Exploitation of N-Day Vulnerabilities
By Carl Windsor, Guillaume Lovet, Wilfried Djettchou, Hongkei Chan and Alex Kong | February 07, 2024
Affected Platforms: FortiGate
Impacted Users: Government, service provider, consultancy, manufacturing, and large critical infrastructure organizations
Impact: Data loss and OS and file corruption
Severity Level: High
Executive Summary
The following supplementary research provides an analysis of the exploitation of resolved N-Day Fortinet vulnerabilities. "N-Day vulnerabilities" refer to known vulnerabilities for which a patch or fix is available but for which organizations have not yet resolved via patching.
Fortinet continues to monitor ongoing activity by threat actors targeting known,
Trendmicro
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
blogs_trendmicro·2023-09-18
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
Malware
## Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
By: Joseph C Chen 2023/09/18 Read time: ( words)
Save to Folio
In early 2021, we published a research paper discussing the operation of a China-linked threat actor we tracked as Earth Lusca . Since our initial research, the group has remained active and has even extended its operations, targeting countries around the world during the first half of 2023.
While monitoring the group, we managed to obtain an interestin
Trendmicro
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
blogs_trendmicro·2023-09-18
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
Malware
# Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
By: Joseph C Chen
2023/09/18
Read time: ( words)
Save to Folio
In early 2021, we published a research paper discussing the operation of a China-linked threat actor we tracked as Earth Lusca. Since our initial research, the group has remained active and has even extended its operations, targeting countries around the world during the first half of 2023.
While monitoring the group, we managed to obtain an interesting
Trendmicro
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
blogs_trendmicro·2023-09-18
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
Malware
## Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
By: Joseph C Chen Sep 18, 2023 Read time: ( words)
Save to Folio
In early 2021, we published a research paper discussing the operation of a China-linked threat actor we tracked as Earth Lusca . Since our initial research, the group has remained active and has even extended its operations, targeting countries around the world during the first half of 2023.
While monitoring the group, we managed to obtain an interest
Tenable
CVE-2023-33299: Critical Remote Code Execution Vulnerability in FortiNAC
blogs_tenable·2023-06-23·CVSS 9.8
[CRITICAL] CVE-2023-33299: Critical Remote Code Execution Vulnerability in FortiNAC
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Fortinet
Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign | Fortinet Blog
blogs_fortinet·2023-06-12·CVSS 9.8
CVE-2023-27997 [CRITICAL] Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign | Fortinet Blog
PSIRT BLOGS
Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign
By Carl Windsor | June 12, 2023
Affected Platforms: FortiOS
Impacted Users: Targeted at government, manufacturing, and critical infrastructure
Impact: Data loss and OS and file corruption
Severity Level: Critical
Today, Fortinet published a CVSS Critical PSIRT Advisory (FG-IR-23-097 / CVE-2023-27997) along with several other SSL-VPN related fixes. This blog adds context to that advisory, providing our customers with additional details to help them make informed, risk-based decisions, and provides our perspective relative to recent events involving malicious actor activity.
The following write-up details our initial investigation into the incident that led to the discovery of this vulnerability and additi
Fortinet
Analysis of FG-IR-22-369 | Fortinet Blog
blogs_fortinet·2023-03-09·CVSS 6.7
CVE-2022-41328 [MEDIUM] Analysis of FG-IR-22-369 | Fortinet Blog
PSIRT BLOGS
Analysis of FG-IR-22-369
By Guillaume Lovet and Alex Kong | March 09, 2023
Affected Platforms: FortiOS
Impacted Users: Government & large organizations
Impact: Data loss and OS and file corruption
Severity Level: High
Fortinet published a CVSS Medium PSIRT Advisory (FG-IR-22-369 / CVE-2022-41328) on March 7th, 2023. The following write-up details our initial investigation into the incident that led to the discovery of this vulnerability and additional IoCs identified during our ongoing analysis.
Executive Summary
Multiple IoCs have been uncovered related to the incident FG-IR-22-369 / CVE-2022-41328.
The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets.
Incident Analysis
Fortinet’s investigat
Sentinelone
CVE-2022-39952: Fortinet FortiNAC Remote Code Execution Vulnerability
blogs_sentinelone·2023-02-24·CVSS 9.8
CVE-2022-39952 [CRITICAL] CVE-2022-39952: Fortinet FortiNAC Remote Code Execution Vulnerability
Recently, a critical Remote Code Execution (RCE) vulnerability (CVE-2022-39952) was discovered in Fortinet’s FortiNAC product. This vulnerability could allow attackers to upload malicious payloads to the server, leading to a complete compromise of the affected system.
In this blog post, we will discuss the details of the CVE-2022-39952 vulnerability, the Fortinet FortiNAC product, and the vulnerable code that led to this RCE:
## About the CVE-2022-39952
The vulnerability is classified as a remote code execution (RCE) vulnerability with a CVSS score of 9.8 , which is considered critical .
This means that it has the potential to be exploited by attackers to gain complete control over an affected system.
The vulnerability is caused by a lack of authentication and validation in the ‘ /con
Sentinelone
CVE-2022-39952: Fortinet FortiNAC Remote Code Execution Vulnerability
blogs_sentinelone·2023-02-24·CVSS 9.8
CVE-2022-39952 [CRITICAL] CVE-2022-39952: Fortinet FortiNAC Remote Code Execution Vulnerability
Recently, a critical Remote Code Execution (RCE) vulnerability (CVE-2022-39952) was discovered in Fortinet’s FortiNAC product. This vulnerability could allow attackers to upload malicious payloads to the server, leading to a complete compromise of the affected system.
In this blog post, we will discuss the details of the CVE-2022-39952 vulnerability, the Fortinet FortiNAC product, and the vulnerable code that led to this RCE:
## About the CVE-2022-39952
The vulnerability is classified as a remote code execution (RCE) vulnerability with a CVSS score of 9.8, which is considered critical.
This means that it has the potential to be exploited by attackers to gain complete control over an affected system.
The vulnerability is caused by a lack of authentication and validation in the ‘/config
Sentinelone
CVE-2022-44877: CentOS Control Web Panel Unauthenticated RCE
blogs_sentinelone·2023-02-24·CVSS 9.8
CVE-2022-44877 [CRITICAL] CVE-2022-44877: CentOS Control Web Panel Unauthenticated RCE
CVE-2022-44877, an unauthenticated remote code execution flaw in Control Web Panel (CWP), formerly known as CentOS Web Panel. This vulnerability was first discovered by security researcher Numan Türle, who published a proof-of-concept exploit for it on January 3, 2023.
## About the CVE-2022-44877
The vulnerability arises from a condition allowing attackers to run bash commands when double quotes are used to log incorrect entries to the system. Successful exploitation allows remote attackers to execute arbitrary operating system commands via shell metacharacters in the login parameter (login/index.php).
This vulnerability was fixed in an October 2022 release of CWP. On January 6, 2023, security nonprofit Shadowserver reported exploitation in the wild. As of January 19, 2023, security fir
Fortinet
Perspectives: FortiNAC and CVE-2022-39952 | Fortinet Blog
blogs_fortinet·2023-02-23·CVSS 9.8
CVE-2022-39952 [CRITICAL] Perspectives: FortiNAC and CVE-2022-39952 | Fortinet Blog
PSIRT BLOGS
Perspectives: FortiNAC and CVE-2022-39952
By Carl Windsor | February 23, 2023
Affected Platforms: FortiNAC
Impacted Users: Execute unauthorized code or commands
Impact: Remote Code Execution
Severity Level: Critical
Fortinet published a Critical Advisory (FG-IR-22-300 / CVE-2022-39952) for FortiNAC on February 16, 2023. This blog adds perspective to that Advisory, providing our customers with additional, accurate details to help them make informed, risk-based decisions.
The Fortinet Product Security Incident Response Team (PSIRT) works diligently to identify bugs before code ships. Even with processes in place that put security at the forefront of the product development lifecycle and a commitment to deliver on the highest security assurance standard, vulnerabilities occur.
Checkpoint
20th February – Threat Intelligence Report
blogs_checkpoint·2023-02-20
CVE-2023-21823 20th February – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 20th February – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 20th February, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
Check Point Research identified a campaign against entities in Armenia, using a new version of OxtaRAT – an AutoIt-based backdoor for remote access and desktop surveillance. The threat actors have been targeting human rights organizations, dissidents, and independent media in Azerbaijan for several years, amid rising tens
Fortinet
Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd | Fortinet Blog
blogs_fortinet·2023-01-11·CVSS 9.8
CVE-2022-42475 [CRITICAL] Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd | Fortinet Blog
PSIRT BLOGS
Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd
By Carl Windsor, Guillaume Lovet, Hongkei Chan, and Alex Kong | January 11, 2023
Affected Platforms: FortiOS
Impacted Users: Government & large organizations
Impact: Data loss and OS and file corruption
Severity Level: High
Fortinet has published CVSS: Critical advisory FG-IR-22-398 / CVE-2022-42475 on Dec 12, 2022. The following writeup details our initial investigation into this malware and additional IoCs identified during our ongoing analysis.
Executive Summary
Multiple additional IoCs have been uncovered related to the incident FG-IR-22-398 / CVE-2022-42475
The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets.
Incid
Fortinet
PSIRT Blogs
blogs_fortinet
PSIRT Blogs
PSIRT Blogs
Stay connected:
PSIRT
Analysis of Single Sign-On Abuse on FortiOS
Fortinet is proactively communicating to customers to share analysis regarding single sign-on (SSO) abuse on FortiOS.
By Carl Windsor January 22, 2026
PSIRT
Product Security Advisory and Analysis: Observed Abuse of FG-IR-19-283
This blog analysis describes the observed abuse and provides additional context so that administrators can confirm that they are not impacted and guidance based on Fortinet observations to prevent FG-IR-19-283 from being exploited.
By Carl Windsor December 24, 2025
PSIRT
Analysis of Threat Actor Activity
Fortinet diligently balances our commitment to the security of our customers and our culture of responsible transparency and commits to sharing information with that goal in min
Recorded Future
CVE-2022-39952: Pre-authentication Code-execution Vulnerability | Recorded Future
blogs_recorded_future·CVSS 9.8
CVE-2022-39952 [CRITICAL] CVE-2022-39952: Pre-authentication Code-execution Vulnerability | Recorded Future
## CVE-2022-39952: Pre-authentication Code-execution Vulnerability
## CVE-2022-39952: Fortinet FortiNAC Pre-authentication Code-execution Vulnerability
Fortinet has discovered a vulnerability in the FortiNAC web server which allows unauthenticated arbitrary file access. A patch to address the vulnerability which was assigned CVE-2022-39952 is available. The recommended action is to update to a patched version as soon as possible, as the arbitrary file access also directly allows unauthenticated remote code execution.
Fortinet FortiNAC is a network access control (NAC) solution that employs a policy-based approach to control which devices and users are allowed to connect to the network and how they can interact with resources. It has further features that include automated network discov
Recorded Future
CVE-2022-39952: Pre-authentication Code-execution Vulnerability
blogs_recorded_future·CVSS 9.8
CVE-2022-39952 [CRITICAL] CVE-2022-39952: Pre-authentication Code-execution Vulnerability
# CVE-2022-39952: Pre-authentication Code-execution Vulnerability
## CVE-2022-39952: Fortinet FortiNAC Pre-authentication Code-execution Vulnerability
Fortinet has discovered a vulnerability in the FortiNAC web server which allows unauthenticated arbitrary file access. A patch to address the vulnerability which was assigned CVE-2022-39952 is available. The recommended action is to update to a patched version as soon as possible, as the arbitrary file access also directly allows unauthenticated remote code execution.
Fortinet FortiNAC is a network access control (NAC) solution that employs a policy-based approach to control which devices and users are allowed to connect to the network and how they can interact with resources. It has further features that include automated network discove
Greynoiseio
NoiseLetter
blogs_greynoiseio
NoiseLetter
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
2023-02-16
Published
Exploited in the wild