Attack Effort


Attack Effort (or Access Complexity) is to account for the combination of time, knowledge, resources, and potential consequences to an Attacker when conducting a specific attack.

Appears the Common Vulnerabilities and Exposures (CVE) refers to this as "Access Complexity"

Access Complexity [1]#

The Access Complexity (AC) metric describes how the Attack Effort is to exploit the discovered vulnerability.
High (H)Specialised conditions exist, such as a race condition with a narrow window, or a requirement for social engineering methods that would be readily noticed by knowledgeable people.0.35
Medium (M)There are some additional requirements for access, such as a limit on the origin of the attacks, or a requirement for the vulnerable system to be running with an uncommon, non-default configuration.0.61
Low (L)There are no special conditions for access to the vulnerability, such as when the system is available to large numbers of users, or the vulnerable configuration is ubiquitous.0.71

More Information#

There might be more information for this subject on one of the following: