VulnCheck, an exploit intelligence specialist based in the US, has launched its own catalogue of Known Exploited Vulnerabilities (KEV). The aim is to make impactful common vulnerabilities and exposures (CVEs) more widely known among end-users. The tool will be accessible for free to members of the VulnCheck community, providing security teams and defenders with information on vulnerabilities being exploited in the wild. This will help them better manage threats, determine priority areas, and stay ahead of problematic bugs.
VulnCheck’s initiative is inspired by the well-known KEV catalogue operated by the US Cybersecurity and Infrastructure Security Agency (CISA), which tracks vulnerabilities that pose a threat to US government entities. However, that catalogue’s mandate does not extend to private organizations or the general public. VulnCheck claims to track 876 (81%) more vulnerabilities being exploited in the wild than CISA, and to add new bugs to its catalogue 27 days earlier than CISA.
VulnCheck’s Founder and CEO, Anthony Bettini, explained that while the CISA KEV catalogue is valuable, there is an opportunity for broader visibility and earlier indicators of known exploitation. Therefore, VulnCheck decided to offer a community resource that provides comprehensive knowledge on exploited vulnerabilities, delivered at machine speed.
Coalition, a provider of cyber risk and insurance services, conducted recent research that predicted a 25% growth in the total number of disclosed CVEs by 2024, reaching nearly 35,000. Given this rapid growth and the quick exploitation by malicious actors, VulnCheck believes that the ability to move quickly and access a wide range of data is invaluable for security teams, which it hopes to provide through its service.
The new service includes features such as comprehensive CVE tracking, contextual exploit intelligence, and exploit references. It provides citations for all listed CVEs, giving defenders insight into why a specific CVE is included in the catalogue. For example, it may cite evidence that a particular CVE is being used by a ransomware gang.
The VulnCheck KEV dashboard, a machine-readable JSON feed, and the VulnCheck KEV API endpoint are now available to community members.
As a demonstration of the service’s capabilities, VulnCheck shared a case study involving a recently disclosed CVE in Atlassian Confluence Server. The vulnerability (CVE-2023-22527), a remote code execution (RCE) flaw, was disclosed by Atlassian on 16 January 2024. VulnCheck observed exploitation of the vulnerability by 21 January and added it to the KEV catalogue that same day. Confirmation of exploitation came on 22 January, and exploit PoCs were added to GitHub. Finally, the bug was added to CISA’s catalogue on 24 January, with a remediation deadline of 14 February.