
Why it Matters

Not all vulnerabilities carry the same level of risk. Some CVEs are actively exploited in the wild, listed in CISA KEV (Known Exploited Vulnerabilities), or referenced in public exploit databases. These issues pose immediate danger: attackers often scan the internet for them within hours of disclosure.

Prioritizing fixes for known exploited vulnerabilities ensures the most critical exposures are closed first. This shortens the attack window and aligns with compliance standards that require rapid patching of actively exploited weaknesses.

Verification Steps

CVE intelligence check

# Check advisories against CISA KEV catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog

# Cross-reference installed extension CVEs with KEV/Exploit-DB
# Expected: actively exploited CVEs are flagged as "high priority"

Ticketing system

# Verify that remediation tickets mark KEV CVEs with
# - Priority: Critical
# - SLA: 24–72h max

Remediation / Fix Guidance

  1. Maintain a feed of KEV and exploit databases.
  2. Cross-check all extension CVEs weekly against KEV.
  3. For CVEs marked “known exploited”:
    • Patch or remove the extension within SLA (24–72h).
    • If patch unavailable, apply temporary mitigations (see MB-R053).
    • Document the urgency and track completion time.
  4. Escalate to security team leadership if SLA cannot be met.
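Steps 1 to 4 as a worked check, added here as an example and not part of the baseline itself: it parses a constructed snippet in the shape of the CISA KEV JSON feed (a "vulnerabilities" list whose entries carry "cveID"), flags installed-extension CVEs found in KEV as Critical, and grades a remediation ticket against the 72-hour upper bound of the SLA. Extension names, ticket timestamps and every CVE ID other than CVE-2024-5678 are constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed sample in the shape of the CISA KEV JSON feed: a "vulnerabilities"
# list whose entries carry "cveID", "dateAdded" and "dueDate". Real data would be
# fetched from the CISA catalog referenced in the verification steps.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-5678", "dateAdded": "2024-05-01", "dueDate": "2024-05-22"},
    {"cveID": "CVE-2023-0001", "dateAdded": "2023-01-10", "dueDate": "2023-01-31"},
]})

# Constructed inventory of advisories affecting installed extensions
# (hypothetical extension names and CVE IDs, except the page's CVE-2024-5678).
EXTENSION_CVES = {
    "payment-module": ["CVE-2024-5678", "CVE-2024-9999"],
    "search-widget": ["CVE-2023-0001"],
}

SLA_HOURS = 72  # upper bound of the 24-72h SLA for known exploited CVEs

def load_kev_ids(feed_json):
    """Return the set of CVE IDs listed in a KEV-format JSON document."""
    return {entry["cveID"] for entry in json.loads(feed_json)["vulnerabilities"]}

def prioritize(extension_cves, kev_ids):
    """Map every extension CVE to the ticket priority the baseline requires:
    Critical when it is in KEV, Normal otherwise (regular patch cadence)."""
    return {cve: ("Critical" if cve in kev_ids else "Normal")
            for cves in extension_cves.values() for cve in cves}

def check_ticket(cve, opened_iso, fixed_iso, now_iso, kev_ids):
    """Grade a remediation ticket against the KEV SLA.
    Timestamps are ISO 8601 strings; fixed_iso is None while the ticket is open.
    Returns "not-kev" for CVEs outside KEV, else "PASS" or "FAIL"."""
    if cve not in kev_ids:
        return "not-kev"
    opened = datetime.fromisoformat(opened_iso)
    end = datetime.fromisoformat(fixed_iso or now_iso)
    return "FAIL" if end - opened > timedelta(hours=SLA_HOURS) else "PASS"

if __name__ == "__main__":
    kev = load_kev_ids(KEV_SAMPLE)
    for cve, prio in prioritize(EXTENSION_CVES, kev).items():
        print(cve, prio)
    # Page's fail example (patch delayed six weeks) and pass example (upgraded in 48h).
    print(check_ticket("CVE-2024-5678", "2024-05-01T09:00:00", "2024-06-12T09:00:00", "2024-06-19T09:00:00", kev))
    print(check_ticket("CVE-2024-5678", "2024-05-01T09:00:00", "2024-05-03T09:00:00", "2024-06-19T09:00:00", kev))
```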

Examples

Fail Example

# CVE-2024-5678 in payment module
# Listed in CISA KEV, public PoC exploit available
# Patch delayed for 6 weeks → FAIL

Pass Example

# CVE-2024-5678 in payment module
# Listed in KEV, patched in v2.3.1
# Store upgraded within 48h → PASS

References