The Six Metrics for a CVSS Score
The Tip of the Night for January 23, 2020 referred to NIST's Common Vulnerability Scoring System for evaluating how serious a flaw in a cybersecurity system is. A vulnerability can be assigned a score from 0 to 10 under the system, which uses six metrics to assess the severity of a flaw:
ACCESS - access to a local account will only result in a score of 0.395. Network level access is graded a 1.0.
ACCESS COMPLEXITY - this measures how difficult it is to exploit the vulnerability. If it can be used without the need for social engineering, the score will be higher.
AUTHENTICATION - if the exploit requires the attacker to authenticate more than two times, the score will be lower.
CONFIDENTIALITY - depending on the scope of data disclosed, the score may be higher.
INTEGRITY - if the attacker can modify data at will a score of 0.660 will be given.
AVAILABILITY - an attack that lowers the performance of the system will result in a higher score.
Comments