Vulnerability Prioritization Overview

What is Vulnerability Prioritization?

GreyNoise Vulnerability Prioritization is intended to help customers get current, reliable, and actionable information about active exploitation of vulnerabilities on assets exposed to the Internet. Customers can use this information to prioritize mitigation and remediation of vulnerabilities that are truly urgent today.

Why Did We Build a Vulnerability Prioritization Product?

GreyNoise is uniquely positioned to offer timely and complete information about the active exploitation of a vulnerability in the wild. Most vulnerability management vendors get exploitation information from 3rd party sources that may be incomplete and can rapidly become out-of-date. GreyNoise shows exactly what attacks are happening on the Internet right now.

What data is included?

The full data dictionary for this endpoint can be found here

Access Methods

Visualizer Access

To access the Vulnerability Prioritization feature, you can perform the following actions in the Visualizer:

Search for a CVE via the Search bar using thecve:CVE-2024-24919 format

Click on the CVE link at the top of the search page:

Search for a CVE in the tag library and click the CVE link:

Navigate to a Tag Details page and click on the CVE link:


Vulnerability Prioritization Details Page

Unauthenticated User Experience

Standard User Experience

Paid Subscription (with Vulnerability Prioritization SKU) User Experience

Vulnerability Prioritization API

Details on the API for the Vulnerability Prioritization Feature can be found here

Unauthenticated User Experience

{
  "id": "CVE-2024-24919",
  "details": {
    "vulnerability_name": "Check Point Quantum Security Gateways Information Disclosure Vulnerability",
    "vulnerability_description": "Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.",
    "cve_cvss_score": 8.6,
    "product": "Quantum Security Gateways",
    "vendor": "Check Point",
    "published_to_nist_nvd": true
  }
}

Standard API Key User Experience

{
  "id": "CVE-2024-24919",
  "details": {
    "vulnerability_name": "Check Point Quantum Security Gateways Information Disclosure Vulnerability",
    "vulnerability_description": "Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.",
    "cve_cvss_score": 8.6,
    "product": "Quantum Security Gateways",
    "vendor": "Check Point",
    "published_to_nist_nvd": true
  },
  "timeline": {
    "cve_published_date": "2024-05-28T19:15:10Z",
    "cve_last_updated_date": "2024-05-31T16:04:09Z",
    "first_known_published_date": "2024-05-27T00:00:00Z",
    "cisa_kev_date_added": "2024-05-30T00:00:00Z"
  },
  "exploitation_details": {
    "attack_vector": "NETWORK",
    "exploit_found": true,
    "exploitation_registered_in_kev": true,
    "epss_score": 0.94237
  }
}

Paid Subscription (with Vulnerability Prioritization SKU) User Experience

{
  "id": "CVE-2024-24919",
  "details": {
    "vulnerability_name": "Check Point Quantum Security Gateways Information Disclosure Vulnerability",
    "vulnerability_description": "Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.",
    "cve_cvss_score": 8.6,
    "product": "Quantum Security Gateways",
    "vendor": "Check Point",
    "published_to_nist_nvd": true
  },
  "timeline": {
    "cve_published_date": "2024-05-28T19:15:10Z",
    "cve_last_updated_date": "2024-05-31T16:04:09Z",
    "first_known_published_date": "2024-05-27T00:00:00Z",
    "cisa_kev_date_added": "2024-05-30T00:00:00Z"
  },
  "exploitation_details": {
    "attack_vector": "NETWORK",
    "exploit_found": true,
    "exploitation_registered_in_kev": true,
    "epss_score": 0.94237
  },
  "exploitation_stats": {
    "number_of_available_exploits": 60,
    "number_of_threat_actors_exploiting_vulnerability": 1,
    "number_of_botnets_exploiting_vulnerability": 0
  },
  "exploitation_activity": {
    "activity_seen": true,
    "benign_ip_count_1d": 756,
    "benign_ip_count_10d": 756,
    "benign_ip_count_30d": 756,
    "threat_ip_count_1d": 2,
    "threat_ip_count_10d": 3,
    "threat_ip_count_30d": 6
  }
}