Skip to main content

State of KEV After 26 months

·184 words·1 min
Posts cisa kev vulnmgmt
Table of Contents
CISA_KEV - This article is part of a series.
Part 3: This Article

There are total of 1053 CVE been added to CISA KEV catalog by end of 2023.

CISA Catalog of Known Exploited Vulnerabilities [ 2023.12.21/1053 ]

Updates
#

As of today, there are total of 1051 CVE have overdue, and another 2 will due in Jan 2024.

Highlights:

  • The top-5 vendors with highest number of vulnerabilities remain the same (total 169 vendors).
  • The top-5 vendors hold 523 (around 50%) of all the 1053 CVE within CISA KEV catalog.
  • The top-5 vulnerable products remain the same (total 420 products).
  • There are 226 (or 21%) CVE found at the top-5 vulnerable products.
  • The mean value increases to 87.75 (was 86.916).
  • The top-5 months where distribution of KEV is higher than mean remain the same (Mar, Apr, May Jun, Nov).

Current State
#

MicrosoftAppleCiscoAdobeGoogleothers
27570676551525

WindowsMultiple Products (Apple)Internet ExplorerFlash PlayerChromium V8 Engineothers
10833312925827

mean_val=87.75

JanFebMarAprMayJunJulAugSepOctNovDec
16201201572331465846474512540
CISA_KEV - This article is part of a series.
Part 3: This Article

Related

State of KEV After 25 months
·142 words·1 min
Posts cisa kev vulnmgmt
See what happen to CISA KEV cataglog by end of Nov 2023.
CISA KEV Distribution
·451 words·3 mins
Posts chart cisa kev graph shortcodes vulnmgmt
How can we identify the trends and patterns in CISA KEV?
Quick Review on CVSS 4.0
·439 words·3 mins
Posts cvss vulnmgmt
New CVSS 4.0 vulnerability severity rating standard released.