Many of today's Internet of Things (IoT) devices are vulnerable due to the large amount of overhead incurred when their operating systems are patched against emerging vulnerabilities. In addition, legacy IoT devices are no longer supported by their manufacturers, leaving customers with unpatched devices that can be easily exploited by attackers. Thus, there is an urgent need for a solution that provides a lightweight and low-cost mechanism for preventing exploitation of vulnerable IoT devices. In this paper, we propose an innovative cloud-based framework for protecting IoT devices. The proposed framework consists of a cloud service and a designated IoT security appliance. The security appliance controls the network traffic flowing to and from the vulnerable device and verifies that it does not violate a set of rules, represented by a vulnerability mitigation policy, that have been derived and synthesized by the cloud service from public corpora of Common Vulnerabilities and Exposures (CVE). We demonstrate how the proposed solution can be applied as a cost-effective solution capable of preventing exploitation of vulnerable IP cameras as part of a prominent botnet attack called Mirai.