This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] as defined in [Common Vulnerability Scoring System] ([CVSS]) reflect the characteristics of the thing that is vulnerable, which we refer to formally as the vulnerable component.
Therefore, each of the Exploitability metrics listed below should be scored relative to the vulnerable component, and reflect the properties of the vulnerability that lead to a successful [attack].
[{$pagename}] attempts to classify the [Attack Effort].
[{$pagename}] has the following classifications:
* Attack Vector (AV) - This [metric] reflects the context by which [vulnerability] exploitation is possible. This metric value (and consequently the Base score) will be larger the more remote (logically and physically) an [attacker] can be in order to exploit the vulnerable component. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across the [Internet] is larger than the number of potential attackers that could exploit a [vulnerability] requiring physical access to a device, and therefore warrants a greater score.
* Attack Complexity (AC) - This [metric] describes the conditions beyond the [attacker]'s control that must exist in order to exploit the [vulnerability]. Such conditions may require the collection of more information about the target, the presence of certain system configuration settings, or computational exceptions. Importantly, the assessment of this metric excludes any requirements for user interaction in order to exploit the [vulnerability] (such conditions are captured in the User Interaction metric). This metric value is largest for the least complex attacks.
* Privileges Required (PR) - This [metric] describes the level of [privileges] an [attacker] [MUST] possess before successfully exploiting the [vulnerability]. This metric is greatest if no [privileges] are required.
* User Interaction (UI) - This [metric] captures the requirement for a user, other than the [attacker], to participate in the successful compromise of the vulnerable component. This [metric] determines whether the [vulnerability] can be exploited solely at the will of the [attacker], or whether a separate user (or user-initiated process) [MUST] participate in some manner. This metric value is greatest when no user interaction is required.
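
The four metrics above combine into a single Exploitability sub-score. The following is an added example, not part of the original page: it assumes CVSS v3.1 (the page does not name a version) and uses the numeric weights and the 8.22 constant from the v3.1 specification, plus the Scope (S) metric, which the specification uses to choose the Privileges Required weight.

```python
# Added example: CVSS v3.1 Exploitability sub-score from a vector string.
# Assumption: v3.1 weights; the vector strings used with it are constructed samples.
WEIGHTS = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20},  # more remote -> larger
    "AC": {"L": 0.77, "H": 0.44},                        # less complex -> larger
    "UI": {"N": 0.85, "R": 0.62},                        # no interaction -> larger
}
# PR weight depends on Scope: (Scope Unchanged, Scope Changed).
PR_WEIGHTS = {"N": (0.85, 0.85), "L": (0.62, 0.68), "H": (0.27, 0.50)}


def parse_vector(vector):
    """Split 'CVSS:3.1/AV:N/AC:L/...' into a dict, rejecting malformed input."""
    parts = vector.strip().split("/")
    if parts[0] not in ("CVSS:3.0", "CVSS:3.1"):
        raise ValueError("expected a CVSS:3.0 or CVSS:3.1 prefix")
    metrics = {}
    for part in parts[1:]:
        name, sep, value = part.partition(":")
        if not sep or name in metrics:
            raise ValueError(f"malformed or duplicate metric: {part!r}")
        metrics[name] = value
    return metrics


def exploitability(vector):
    """Return 8.22 * AV * AC * PR * UI, rounded to one decimal for display."""
    m = parse_vector(vector)
    missing = [k for k in ("AV", "AC", "PR", "UI", "S") if k not in m]
    if missing:
        raise ValueError(f"missing metrics: {missing}")
    if m["S"] not in ("U", "C"):
        raise ValueError(f"invalid Scope value: {m['S']!r}")
    try:
        av = WEIGHTS["AV"][m["AV"]]
        ac = WEIGHTS["AC"][m["AC"]]
        ui = WEIGHTS["UI"][m["UI"]]
        pr = PR_WEIGHTS[m["PR"]][1 if m["S"] == "C" else 0]
    except KeyError as exc:
        raise ValueError(f"invalid metric value: {exc}") from None
    return round(8.22 * av * ac * pr * ui, 1)


if __name__ == "__main__":
    for v in ("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"):
        print(v, exploitability(v))
```
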
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]