Full Report
The US National Institute of Standards and Technology (NIST) published a white paper introducing a new metric called Likely Exploited Vulnerabilities (LEV)
Analysis Summary
# Vulnerability: NIST Likely Exploited Vulnerabilities (LEV) Metric Introduction
## CVE Details
- CVE ID: Not Applicable (This article describes a **metric/framework**, not a specific vulnerability)
- CVSS Score: N/A
- CWE: N/A
## Affected Systems
- Products: N/A
- Versions: N/A
- Configurations: N/A
## Vulnerability Description
This article discusses the introduction of a new metric by the US National Institute of Standards and Technology (NIST) called **Likely Exploited Vulnerabilities (LEV)**. LEV is designed to provide organizations with daily guidance on whether a specific Common Vulnerabilities and Exposures (CVE) has been exploited. The LEV metric builds upon and enhances the existing **Exploit Prediction Scoring System (EPSS)**, which predicts the likelihood of exploitation within a specific timeframe (e.g., 30 days). LEV aims to offer a more nuanced assessment of exploitation status based on past and current exploitation activity for each CVE.
## Exploitation
- Status: Related to tracking *existing* or *predicted* exploitation across various CVEs.
- Complexity: N/A (Framework introduction)
- Attack Vector: N/A
## Impact
- Confidentiality: N/A (Framework introduction)
- Integrity: N/A (Framework introduction)
- Availability: N/A (Framework introduction)
## Remediation
### Patches
- This article does not detail specific patches, as it describes a scoring metric. Patches would be vendor-supplied based on the priority assigned by the LEV score for a given CVE.
### Workarounds
- No specific workarounds are detailed. The goal of using LEV is to prioritize application of vendor-supplied patches for the most likely exploited flaws.
## Detection
- The LEV metric itself serves as a tool for detection prioritization. It provides daily information regarding the exploitability of known CVEs.
- Detection methods would involve integrating the LEV score into existing vulnerability management programs to flag high-LEV scored CVEs for immediate investigation and patching.
## References
- NIST Technical White Paper: csrc.nist.gov/pubs/cswp/41/likely-exploited-vulnerabilities-a-proposed-metric/final
- Relevant Context (EPSS): infosecurityeurope.com/en-gb/blog/future-thinking/how-to-integrate-epssv4-vulnerability-system.html?utm_source=advert&utm_medium=referral&utm_campaign=infosecurity_magazine&utm_content=&utm_term=