CISA’s Known Vulnerabilities Impact 15M Public Services


CISA’s Known Exploited Vulnerabilities (KEV) catalog is the authoritative list of vulnerabilities known to have been exploited in the wild, whether in past campaigns or in ongoing ones. In a new report, the Rezilion research team analyzed the vulnerabilities in the current KEV catalog and found a whopping 15 million vulnerable instances exposed, the majority of them systems running Microsoft Windows.


Rezilion notes that KEV catalog vulnerabilities are frequent targets of advanced persistent threat (APT) groups, and that this wide-open attack surface remains largely unaddressed because of a lack of awareness and action.


Massive Security Gap


The CISA KEV catalog currently lists 896 vulnerabilities, with new entries added regularly. Most of them are considered highly dangerous: 250 are rated critical and 535 are rated high severity. Rezilion’s research also found that the catalog’s entries are only a small fraction (less than 1%) of the vulnerabilities disclosed each year.


KEVs are frequently exploited both by APT groups and by financially motivated criminals. The APT actors targeting KEVs are typically linked to nation-states such as China, Russia, Iran and North Korea. The report’s findings show that millions of systems remain vulnerable to these exploits even though patches exist to fix them.


KEV Research Methodology


The Rezilion study analyzed the common vulnerabilities and exposures (CVEs) listed in the CISA KEV catalog, and used data sources such as GreyNoise and Shodan to identify past and present attack surfaces. These sources include:


CISA KEV: Maintained by CISA, the catalog is an authoritative source on vulnerabilities in a wide range of software and hardware products that have either been exploited in the past or are still under active exploitation.
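The cross-referencing step the study describes, in runnable form: this is an added example, not Rezilion’s tooling or any CISA-published code. It parses a catalog laid out with the KEV JSON feed’s field names (cveID, vendorProject, product, vulnerabilityName, dateAdded, dueDate, requiredAction) and ranks vulnerability-scanner findings by whether they are KEV-listed, internet-exposed, and past CISA’s remediation due date. The CVE identifiers, hosts, dates and scanner findings are constructed for illustration; the block reads an embedded sample rather than fetching the live feed so that it runs offline.

```python
"""Triage scanner findings against a KEV-format catalog.

Added example, not part of the Rezilion report or of CISA tooling. The
catalog below is constructed to mirror the field names of the real KEV
JSON feed; the CVE numbers, products, hosts and dates are illustrative.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import date

# Constructed sample in the shape of the KEV JSON feed. A real run would load
# the feed CISA publishes at
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
SAMPLE_KEV_JSON = json.dumps({
    "title": "Constructed KEV-format sample",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-1999-00001", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Constructed privilege escalation",
         "dateAdded": "2023-01-10", "dueDate": "2023-01-31",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-1999-00002", "vendorProject": "ExampleNet", "product": "EdgeVPN",
         "vulnerabilityName": "Constructed auth bypass",
         "dateAdded": "2023-02-01", "dueDate": "2023-03-15",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-1999-00004", "vendorProject": "ExampleWeb", "product": "AppServer",
         "vulnerabilityName": "Constructed remote code execution",
         "dateAdded": "2023-01-18", "dueDate": "2023-02-01",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})


@dataclass(frozen=True)
class KevEntry:
    cve_id: str
    vendor: str
    product: str
    name: str
    date_added: date
    due_date: date


@dataclass(frozen=True)
class Finding:
    """One (host, CVE) pair as a vulnerability scanner would report it."""
    host: str
    cve_id: str
    internet_exposed: bool  # e.g. the service shows up in Shodan for this host


@dataclass(frozen=True)
class TriagedHit:
    finding: Finding
    entry: KevEntry
    overdue: bool  # past CISA's dueDate as of the assessment date


def load_kev(feed_json: str) -> dict[str, KevEntry]:
    """Index a KEV-format feed by CVE ID, parsing the ISO dates."""
    feed = json.loads(feed_json)
    entries: dict[str, KevEntry] = {}
    for v in feed["vulnerabilities"]:
        entries[v["cveID"]] = KevEntry(
            cve_id=v["cveID"], vendor=v["vendorProject"], product=v["product"],
            name=v["vulnerabilityName"],
            date_added=date.fromisoformat(v["dateAdded"]),
            due_date=date.fromisoformat(v["dueDate"]),
        )
    return entries


def triage(findings: list[Finding], kev: dict[str, KevEntry], as_of: date) -> list[TriagedHit]:
    """Keep only KEV-listed findings, most urgent first.

    Ordering: internet-exposed before internal, overdue before not yet due,
    then earliest due date. Findings not in KEV fall to the normal patch cycle.
    """
    hits = [
        TriagedHit(f, kev[f.cve_id], as_of > kev[f.cve_id].due_date)
        for f in findings if f.cve_id in kev
    ]
    hits.sort(key=lambda h: (not h.finding.internet_exposed, not h.overdue, h.entry.due_date))
    return hits


def summarize(hits: list[TriagedHit]) -> dict[str, int]:
    """Headline numbers of the kind the report gives: findings, hosts, overdue."""
    return {
        "kev_findings": len(hits),
        "hosts_affected": len({h.finding.host for h in hits}),
        "overdue": sum(h.overdue for h in hits),
        "exposed_overdue": sum(h.overdue and h.finding.internet_exposed for h in hits),
    }


# Constructed scanner output; CVE-1999-00003 is deliberately not in the catalog.
SAMPLE_FINDINGS = [
    Finding("win-fileserver-01", "CVE-1999-00001", internet_exposed=False),
    Finding("vpn-edge-01", "CVE-1999-00002", internet_exposed=True),
    Finding("vpn-edge-01", "CVE-1999-00003", internet_exposed=True),
    Finding("web-01", "CVE-1999-00004", internet_exposed=True),
]
AS_OF = date(2023, 2, 15)  # fixed assessment date so results are reproducible

if __name__ == "__main__":
    catalog = load_kev(SAMPLE_KEV_JSON)
    for h in triage(SAMPLE_FINDINGS, catalog, AS_OF):
        flag = "OVERDUE" if h.overdue else f"due {h.entry.due_date}"
        print(f"{h.finding.host:18} {h.entry.cve_id} exposed={h.finding.internet_exposed} {flag}")
    print(summarize(triage(SAMPLE_FINDINGS, catalog, AS_OF)))
```

Matching by CVE ID against scanner output, rather than by vendor and product name alone, is what keeps the result honest: a vendor/product match would flag every Windows host for every Windows KEV regardless of patch state, which is exactly the kind of over-count a report like this has to avoid.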