SARASOTA, Fla.–(Business Wire)–Nucleus Security, a leader in risk-based vulnerability management and process automation, today launched the CISA KEV Enrichment Dashboard, a free tool that lets vulnerability researchers quickly view the known exploited vulnerabilities identified by CISA and add enrichment intelligence to them. The CISA KEV Enrichment Dashboard provides a complete list of the CISA Known Exploited Vulnerabilities (KEV) catalog, enriched with CVSS, EPSS and GreyNoise threat intelligence.
There are approximately 198,000 known Common Vulnerabilities and Exposures (CVE) entries, of which only a small subset are confirmed to be actively exploited. The CISA KEV catalog names less than .5% of all identified CVEs, pointing to those that are most dangerous and confirmed to be exploited. The CISA KEV list also exposes one of the primary weaknesses of CVSS scoring itself: many organizations use CVSS to decide which vulnerabilities to patch, typically patching anything with a CVSS score of 7 or higher. However, 12% of the vulnerabilities listed by CISA as exploited have CVSS scores below 7.0.
The data above shows that organizations that prioritize solely on CVSS are leaving themselves open to vulnerabilities that are known to be actively exploited in the wild. The Nucleus Security CISA KEV Enrichment Dashboard aims to fill this gap by providing more context and guidance to vulnerability researchers. Through their research and development of the CISA KEV Enrichment Dashboard, Nucleus Security has made the following observations as of October 2022:
Most exploited vendors
The top five most exploited vendors on the CISA KEV list are Microsoft, Adobe, Cisco, Apple and Google, which together account for more than 53% of the catalog.
Some brands, Apple among them, carry a reputation that simply buying and using their products keeps you safe. As the CISA KEV list shows, those products also need to be kept up to date.
Most exploited software
The top five most exploited products on the CISA KEV list include Microsoft Windows, Adobe Flash Player, Microsoft Internet Explorer, Microsoft Office and Google Chrome.
Avoiding Microsoft Windows, Microsoft Office and Google Chrome is not practical for most organizations, and it is worth noting that alternatives to Windows and Chrome also appear on this list.
Exploitation activity validated by GreyNoise
Over a 90-day period, GreyNoise observed scanning and exploitation attempts in the wild for 145 unique vulnerabilities in the CISA KEV catalog.
Threat intelligence like this further validates the value of combining multiple threat feeds: observed exploitation activity is exactly the signal that should drive vulnerability prioritization.
High EPSS scores as a predictive indicator of potential CISA KEV candidates
Looking at Nucleus’ CISA KEV Enrichment Dashboard, 33% of CISA KEV vulnerabilities have an EPSS score greater than 0.5, that is, a greater than 50% probability of being exploited within the next 30 days. By contrast, across the EPSS scoring distribution for all of NVD, only 1.4% of vulnerabilities score 0.5 or higher.
EPSS is therefore a good predictive indicator of which vulnerabilities may be future candidates for the CISA KEV list.
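The prioritization argument made in the CVSS and EPSS observations above, as an added example that is not Nucleus Security's code: a CVSS-only cutoff of 7.0 compared with an ordering that combines KEV membership, GreyNoise-observed activity, an EPSS threshold of 0.5 and CVSS. All records and CVE ids below are constructed placeholders.

```python
# Added example (not Nucleus Security's code). Compares a CVSS-only patch rule
# with a KEV/EPSS/GreyNoise-enriched ordering. Sample data is constructed.
from dataclasses import dataclass


@dataclass
class Vuln:
    cve: str
    cvss: float
    epss: float           # probability of exploitation in the next 30 days
    in_kev: bool          # listed in the CISA KEV catalog
    greynoise_seen: bool  # scanning/exploitation observed in the wild


CVSS_CUTOFF = 7.0   # the common "patch if CVSS >= 7" rule
EPSS_CUTOFF = 0.5   # the 50% probability threshold discussed above

# Constructed sample set; the CVE ids are placeholders, not real entries.
SAMPLE = [
    Vuln("CVE-0000-0001", 9.8, 0.02, False, False),  # severe on paper, quiet
    Vuln("CVE-0000-0002", 6.5, 0.81, True, True),    # in KEV and seen, yet < 7.0
    Vuln("CVE-0000-0003", 7.5, 0.12, True, False),   # in KEV, no recent activity
    Vuln("CVE-0000-0004", 5.3, 0.67, False, False),  # high EPSS: likely KEV candidate
    Vuln("CVE-0000-0005", 8.1, 0.05, False, False),
]


def cvss_only(vulns):
    """The approach the release criticises: patch by CVSS score alone."""
    return [v.cve for v in vulns if v.cvss >= CVSS_CUTOFF]


def missed_by_cvss(vulns):
    """KEV entries a CVSS-only cutoff never reaches (the 12% the text cites)."""
    return [v.cve for v in vulns if v.in_kev and v.cvss < CVSS_CUTOFF]


def priority_tier(v):
    """Lower is more urgent: evidence of exploitation outranks raw severity."""
    if v.in_kev and v.greynoise_seen:
        return 0
    if v.in_kev:
        return 1
    if v.epss >= EPSS_CUTOFF:
        return 2  # predicted future KEV candidate
    if v.cvss >= CVSS_CUTOFF:
        return 3
    return 4


def enriched_order(vulns):
    """Sort by tier, then by EPSS and CVSS descending within a tier."""
    key = lambda v: (priority_tier(v), -v.epss, -v.cvss)
    return [v.cve for v in sorted(vulns, key=key)]
```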
End-of-life products
Two of the most frequently featured products in the CISA KEV list are end of life: Adobe Flash and Internet Explorer.
Organizations often find it difficult to eliminate tools like Internet Explorer because legacy software dependencies on it are relatively common on corporate intranets. Where it cannot be removed, it is prudent to keep Internet Explorer fully patched and to set rules in your web proxy that keep it away from the public Internet.
“CISA KEV is one of the best open sources of vulnerability intelligence available today, but the data is limited to only a few information areas and provides no context regarding observed exploit activity,” said Stephen Carter, co-founder and CEO of Nucleus Security. “We needed a way to quickly analyze and prioritize the hundreds of vulnerabilities in KEV, and we did that by enriching it with other sources of vulnerability intelligence. It was immediately clear that we had a case where the whole was greater than the sum of its parts, and we wanted to make this available to the community.”
The Nucleus CISA KEV Enrichment Dashboard, available to anyone, allows the enrichment data to be easily sorted, searched and exported. To learn more about CISA KEV and how to use the Enrichment Dashboard for vulnerability prioritization, see Nucleus Security’s guide to CISA KEV. You can also find more observations and insights from the Nucleus Security Research team in the recent post, Top CISA KEV Observations.
About Nucleus Security
Nucleus Security is a Risk-Based Vulnerability Management (RBVM) solution that automates the time-consuming vulnerability management process, enabling large and complex enterprises to improve their vulnerability management programs and remediate vulnerabilities 10x faster. Supporting nearly 100 integrations, Nucleus Security creates a unified vulnerability inventory, fully enriched with the world’s leading threat intelligence, and provides the automation engine necessary to eliminate the stovepipe of chaos found in large enterprise vulnerability management programs today. Harness the power of a unified vulnerability solution at https://nucleussec.com/ today.