Overview#

Attack Effort is to account for the combination of time, knowledge, resources, and potential consequences to an Attacker when conducting a specific attack.

Appears the Common Vulnerabilities and Exposures (CVE) refers to this as "Access Complexity"

Access Complexity [1]#

The Access Complexity (AC) metric describes how easy or difficult it is to exploit the discovered vulnerability.
ValueDescriptionScore
High (H)Specialised conditions exist, such as a race condition with a narrow window, or a requirement for social engineering methods that would be readily noticed by knowledgeable people.0.35
Medium (M)There are some additional requirements for access, such as a limit on the origin of the attacks, or a requirement for the vulnerable system to be running with an uncommon, non-default configuration.0.61
Low (L)There are no special conditions for access to the vulnerability, such as when the system is available to large numbers of users, or the vulnerable configuration is ubiquitous.0.71

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-6) was last changed on 17-Aug-2017 09:48 by jim