May 6, 2024

A 2023 research summary from security experts has identified nearly 100 high-risk vulnerabilities that were not included in the US CISA Known Exploited Vulnerabilities (KEV) catalog.

According to the technology firm Qualys’ TRU, CISA failed to include at least 97 high-risk vulnerabilities in its comprehensive public list, which is described as the authoritative source of vulnerabilities that have been exploited in the wild.

More than 26,000 vulnerabilities were disclosed in 2023, the researchers said, marking a record high and continuing a years-long upward trajectory in disclosures. Less than 1% of those vulnerabilities were considered the highest risk, meaning that they have “a weaponized exploit” and “are actively exploited by ransomware, threat actors and malware, or have confirmed evidence of exploitation in the wild.”

Researchers said CISA had identified 109 high-risk known exploited vulnerabilities throughout the year that showed evidence of being exploited in the wild. The researchers urged organizations that prioritize patching and threat mitigations based on the agency’s known exploited vulnerability catalog to “pay special attention” to the known exploits that were not included in the list this year.

At least 25% of the exploits that CISA failed to include in its list were immediately targeted for exploitation on the same day the vulnerability was publicly disclosed.

It remains unclear why CISA did not include the nearly 100 high-risk vulnerabilities in its catalog.

One-third of the high-risk vulnerabilities affected network devices and web applications. The researchers said that exploitation of remote services, exploitation of public-facing applications, and exploitation for privilege escalation remained the top three attack techniques among threat actors.

The report also notes that 206 vulnerabilities had weaponized exploit code available. Exploits for these vulnerabilities are highly likely to compromise the target system if used. There were 115 vulnerabilities routinely exploited by threat actors, malware, and ransomware groups such as CL0P.
