Passive detection of internet-connected systems affected by vulnerabilities from the CISA KEV catalog, (Wed, Jan 11th)

CISA’s Known Exploited Vulnerabilities (KEV) catalog is a wonderful resource for vulnerability and patch management. If you have not come across it yet, it is – as the name suggests – a list of vulnerabilities that are currently known to be actively exploited in the wild, which is published by the US Cybersecurity and Infrastructure Security Agency (CISA)[1]. It was started back in 2021[2] and currently contains 870 vulnerabilities[3].
Although it was primarily intended for US federal institutions, which are required to remediate vulnerabilities listed in the catalog within certain timeframes, it quickly became an important part of vulnerability and patch management processes in many organizations around the world. Since the KEV catalog covers current, actively exploited vulnerabilities, it makes sense to prioritize them in both discovery of affected systems and their patching, especially when it comes to devices that are exposed to the internet.
For organizations with vulnerability management programs of (almost) any maturity in place, the identification of their own systems affected by vulnerabilities listed in the KEV catalog is quite straightforward, as any up-to-date vulnerability scanner/vulnerability management solution will probably be able to identify all of them. For organizations that lack any active vulnerability scanning capabilities, or for researchers or security teams who would like to monitor larger areas of the internet to see how many systems in them are affected by vulnerabilities included in the KEV catalog, it is not as straightforward.
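As an added illustration of that second case (this is example code written for this page, not the diary author’s tool), the snippet below cross-references a passively collected host inventory against the KEV catalog and orders the matches by remediation urgency. The field names follow the public KEV JSON feed; the catalog excerpt, the CVE ids (placeholders) and the host records (Shodan-style “this banner maps to these CVEs” attributions) are all constructed for the example.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed (real field names, placeholder CVE ids).
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-1900-0001", "vendorProject": "ExampleVendor", "product": "ExampleVPN",
     "dueDate": "2023-01-24", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-1900-0002", "vendorProject": "ExampleVendor", "product": "ExampleMail",
     "dueDate": "2023-02-15", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-1900-0003", "vendorProject": "OtherVendor", "product": "EdgeRouter",
     "dueDate": "2023-03-10", "knownRansomwareCampaignUse": "Unknown"},
]})

# Constructed passive inventory: each host carries the CVE ids a banner-based
# (Shodan-style) source attributed to it; note the lowercase id and the non-KEV CVE.
HOSTS = [
    {"ip": "192.0.2.10", "cves": ["cve-1900-0001", "CVE-1900-9999"]},
    {"ip": "192.0.2.20", "cves": ["CVE-1900-0002"]},
    {"ip": "192.0.2.30", "cves": []},
    {"ip": "192.0.2.40", "cves": ["CVE-1900-0003", "CVE-1900-0001"]},
]
TODAY = date(2023, 3, 1)  # fixed reference date so the output is reproducible

def load_kev(feed_json):
    """Index KEV entries by CVE id (the feed's cveID values are uppercase)."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}

def flag_hosts(hosts, kev, today):
    """One row per (host, KEV CVE) match, ordered by remediation urgency:
    ransomware-linked entries first, then longest past the KEV due date."""
    rows = []
    for host in hosts:
        for cve in host["cves"]:
            entry = kev.get(cve.upper())  # normalise case before the lookup
            if entry is None:
                continue  # not in KEV: still patch-worthy, just not prioritised here
            due = date.fromisoformat(entry["dueDate"])
            rows.append({
                "ip": host["ip"], "cve": cve.upper(),
                "product": f"{entry['vendorProject']} {entry['product']}",
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
                "days_past_due": (today - due).days,  # negative = not yet due
            })
    rows.sort(key=lambda r: (not r["ransomware"], -r["days_past_due"], r["ip"]))
    return rows

def report():
    """Run the match on the constructed data; each row is one host/CVE pair to act on."""
    return flag_hosts(HOSTS, load_kev(KEV_FEED), TODAY)
```

Hosts with no KEV-listed CVE drop out of the report entirely, which is the point: the output is the short list to act on first, not a full vulnerability inventory.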
This is where Shodan and a new version of my passive detection internet connected systems affected vulnerabilities catalog