WHY ONLY THESE VULNERABILITIES?

In many information systems it is not realistic for administrators to patch everything. A risk-oriented approach is therefore needed: knowing that a vulnerability present in our system is being actively exploited by attackers is what justifies allocating the human and technical resources to fix that flaw quickly.

WHY CISA?

Unfortunately, in France we lack high-quality, regularly published information on which vulnerabilities are actually being exploited. I therefore preferred to use an RSS feed from a reliable and recognized authority, even though it is American. Feel free to adapt the script to use another source.

DEFINING A KEV?

KEV stands for Known Exploited Vulnerabilities: vulnerabilities that are publicly known and for which exploitation in the wild has been confirmed.

CRITERIA

1 - HAVE A CVE IDENTIFIER

The first criterion for adding a vulnerability to the KEV catalog is that it has been assigned a CVE identifier. The CVE identifier (also called a CVE record, CVE name or CVE number) is a unique, shared identifier for a publicly known cybersecurity vulnerability.

2 - ACTIVELY EXPLOITED

An actively exploited vulnerability is one for which there is reliable evidence that an actor has executed malicious code on a system without the owner's authorization.

For the purposes of the KEV catalog, the following events do not constitute active exploitation:

  • Scanning

  • Security research into an exploit

  • Proof of concept (PoC)

3 - CLEAR REMEDIATION GUIDANCE

CISA adds a known exploited vulnerability to the catalog only when there is a clear action for the affected organization to take. That action may be applying an update, implementing mitigations, or deploying workarounds.
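As an added example (not the project's script), the following shows how the three criteria turn into a prioritized work list: it parses a catalog excerpt, drops entries without a well-formed CVE identifier, keeps only entries for products in a hypothetical asset inventory, and orders them by urgency. The field names follow CISA's public JSON catalog rather than the RSS feed the page mentions, and both the entries and the inventory are constructed.

```python
import json
import re
from datetime import date

# Constructed excerpt laid out like CISA's KEV JSON catalog.
# Field names follow the public schema; the entries themselves are made up.
SAMPLE_KEV_JSON = json.dumps({
    "title": "Constructed KEV excerpt",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "ExampleVPN",
         "dateAdded": "2024-01-10", "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2024-01-31", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-0002", "vendorProject": "OtherVendor", "product": "OtherMail",
         "dateAdded": "2024-02-01", "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2024-02-22", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0003", "vendorProject": "OtherVendor", "product": "OtherMail",
         "dateAdded": "2023-12-20", "requiredAction": "Apply mitigations per vendor instructions.",
         "dueDate": "2024-01-15", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0004", "vendorProject": "UnusedVendor", "product": "UnusedApp",
         "dateAdded": "2024-02-03", "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2024-02-24", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "NOT-A-CVE", "vendorProject": "ExampleVendor", "product": "ExampleVPN",
         "dateAdded": "2024-02-05", "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2024-02-26", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Hypothetical asset inventory: lower-cased (vendor, product) pairs we actually run.
INVENTORY = {("examplevendor", "examplevpn"), ("othervendor", "othermail")}

# Criterion 1: a well-formed CVE identifier (CVE-YYYY-NNNN with 4 or more digits).
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")


def load_kev(raw):
    """Parse the catalog and keep only entries carrying a well-formed CVE id."""
    entries = json.loads(raw)["vulnerabilities"]
    return [e for e in entries if CVE_ID.match(e.get("cveID", ""))]


def prioritize(entries, inventory, today):
    """Return the KEV entries that affect our inventory, most urgent first:
    overdue entries, then ransomware-linked ones, then the soonest due date."""
    hits = [e for e in entries
            if (e["vendorProject"].lower(), e["product"].lower()) in inventory]

    def urgency(e):
        due = date.fromisoformat(e["dueDate"])
        ransomware = e.get("knownRansomwareCampaignUse") == "Known"
        return (due > today, not ransomware, due)

    return sorted(hits, key=urgency)
```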
