Edge Exposure Auditor
CISA KEV Cross-Reference
CISA KEV Cross-Reference
The Edge Exposure Auditor cross-references your perimeter devices against the CISA Known Exploited Vulnerabilities (KEV) catalog — the authoritative list of CVEs being actively exploited in the wild — and reports which of your gear is affected, prioritized by ransomware use and overdue patch deadlines.
The problem it solves: exploited edge devices (firewalls, VPN gateways, routers) are the leading initial-access vector in breaches today. The highest-signal input to patch prioritization isn't “what's vulnerable” — it's “what's being actively exploited right now.” This tool answers that question for your own inventory.
Upload a device CSV (e.g. a router's client-list export) or load the sample inventory. The tool auto-classifies each device and pre-filters noise — private-MAC phones, consumer devices, and vendors with no known-exploited CVEs are unchecked by default. It then fetches the live KEV catalog directly in the browser and produces a color-coded exposure report. No scanning, no credentials — just a catalog lookup against a list you control.
A match means the vendor/product family has actively-exploited CVEs — you still confirm your exact model and version against the linked CVE. That triage step mirrors real SOC work: alert fires, investigate, confirm or rule out. The roadmap includes NVD CPE version-precise matching to automate that step.
Vanilla JavaScript · CISA KEV API · PapaParse · Python CLI (stdlib only) · netaddr (MAC OUI resolution)