CVE Vulnerability Priority Scorer

Stop triaging vulnerabilities by raw CVSS score alone. This actor enriches every CVE with active exploitation status from the CISA Known Exploited Vulnerabilities catalog, attack complexity from the CVSS vector, MITRE ATT&CK technique mapping, and real-world exposure window — then produces a 0–100 priority score with a concrete patch deadline so your security team fixes the right things first.

What does CVE Vulnerability Priority Scorer do?

• Fetches full CVE details from NIST NVD API 2.0 (CVSS scores, CWE IDs, affected configurations)
• Cross-references every CVE against the CISA Known Exploited Vulnerabilities (KEV) catalog including ransomware campaign flags
• Parses CVSS vector strings to extract attack vector, complexity, and privileges-required dimensions
• Maps CWE weakness IDs to MITRE ATT&CK techniques and tactics using a curated local table
• Outputs a priority score, urgency tier (CRITICAL/HIGH/MEDIUM/LOW), and a specific patch deadline date

Key Features

• Multi-Source Cross-Validation: Combines NIST NVD, CISA KEV catalog, and MITRE ATT&CK for context-aware prioritization beyond raw CVSS
• Scoring System: Produces a 0–100 priority score mapped to actionable urgency tiers with concrete patch deadlines
• Flexible Query Modes: Search by CVE ID (e.g. CVE-2024-1234), keyword (e.g. apache log4j), or CPE string
• Batch Processing: Score up to 2,000 CVEs in a single run, sorted by priority descending
• Ransomware Flagging: Highlights CVEs with confirmed ransomware campaign association from CISA data
• Pay Per Event: Only $0.05 per analysis — no subscription needed

Input

Parameter	Type	Required	Description
query	string	Yes	CVE ID, keyword, or CPE string
queryType	string	No	cve_id, keyword (default), or cpe
maxResults	number	No	Maximum CVEs to return (default: 20, max: 2000)
nvdApiKey	string	No	NVD API key for faster rate limits

Output Example

{
  "cveId": "CVE-2021-44228",
  "priorityScore": 98,
  "urgency": "CRITICAL — Patch immediately (24-48 hours)",
  "patchDeadline": "2024-01-17",
  "cvssScore": 10.0,
  "cvssSeverity": "CRITICAL",
  "cvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  "exploitedInWild": true,
  "cisaKevDetails": {
    "dateAdded": "2021-12-10",
    "requiredAction": "Apply updates per vendor instructions.",
    "dueDate": "2021-12-24",
    "knownRansomwareCampaignUse": true,
    "product": "Log4j2"
  },
  "attackTechniques": [
    { "id": "T1190", "name": "Exploit Public-Facing Application", "tactic": "Initial Access" }
  ],
  "cweIds": ["CWE-502"],
  "verdict": "CVE-2021-44228 (score 98/100) is actively exploited in the wild (CISA KEV), critical CVSS severity, associated with ransomware campaigns, remotely exploitable over network, no authentication required.",
  "flags": ["IN_CISA_KEV", "RANSOMWARE", "NETWORK_EXPLOITABLE", "NO_AUTH_REQUIRED", "CRITICAL_CVSS"],
  "scoreBreakdown": {
    "cvss": 35,
    "exploitation": 35,
    "attackComplexity": 20,
    "exposureWindow": 15,
    "total": 98
  },
  "sources": {
    "nvd": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
    "cisaKev": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
    "mitre": "https://attack.mitre.org/"
  },
  "timestamp": "2024-01-15T10:30:00Z"
}

Use Cases

• Vulnerability Management Platforms: Replace manual CVSS triage with automated contextual scoring for faster remediation workflows
• Security Operations Centers (SOC): Daily CVE feed enrichment to focus analyst attention on actively exploited vulnerabilities
• MSSPs: Deliver prioritized patch reports to clients with clear patch deadlines rather than raw severity ratings
• Penetration Testing Teams: Identify highest-impact targets for authorized red team engagements

Data Sources

Source	Coverage	Rate Limit
NIST NVD API 2.0	250K+ CVEs with CVSS scores	5 req/30s free; 50 req/30s with key
CISA KEV Catalog	1,100+ known exploited vulnerabilities	Free, no key required
MITRE ATT&CK	200+ techniques, local CWE mapping table	Free, no key required

Scoring Breakdown

Dimension	Max Points	What It Measures
CVSS Severity	35	Base CVSS score (9.0+ = 35 pts)
Active Exploitation	30	Presence in CISA KEV (ransomware = +5 bonus)
Attack Complexity	20	Network vector + low complexity + no-auth = max
Exposure Window	15	Age of vulnerability (>1 year unpatched = max)

Patch Deadline Logic

Urgency Tier	Score Range	Deadline
CRITICAL	80–100	24–48 hours
HIGH	60–79	7 days
MEDIUM	40–59	30 days
LOW	20–39	90 days
INFORMATIONAL	0–19	Monitor only

Pricing

This actor uses Pay Per Event pricing at $0.05 per analysis. You only pay for successful analyses.

API Keys (Optional)

Some data sources work better with API keys. Set these as environment variables:

• NVD_API_KEY: Increases NVD rate limit from 5 to 50 requests/30 seconds for bulk CVE lookups — Get free key here

Without a key, the actor still works but paginates slowly through large result sets.

---

🔗 Related Actors by ntriqpro

Extend this actor with the ntriqpro intelligence network:

• cve-threat-prioritizer — Prioritize CVEs by exploitability & active threats
• nist-cve-vulnerability-scanner — NIST NVD CVE vulnerability lookup
• first-cvss-severity-index — FIRST CVSS severity scoring

⭐ Love it? Leave a Review

Your rating helps professionals discover this actor. Rate it here.