CVSS (Common Vulnerability Scoring System)
A standardized framework for rating the severity of security vulnerabilities on a scale of 0.0 to 10.0.
What is CVSS?
The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. It provides a standardized way to assess and prioritize vulnerabilities based on their properties.
CVSS Score Ranges
- None: 0.0
- Low: 0.1 - 3.9
- Medium: 4.0 - 6.9
- High: 7.0 - 8.9
- Critical: 9.0 - 10.0
CVSS Metric Groups
Base Score:
- Attack Vector (Network, Adjacent, Local, Physical)
- Attack Complexity (Low, High)
- Privileges Required (None, Low, High)
- User Interaction (None, Required)
- Scope (Unchanged, Changed)
- Impact (Confidentiality, Integrity, Availability)
Temporal Score:
- Exploit Code Maturity
- Remediation Level
- Report Confidence
Environmental Score:
- Organization-specific adjustments
- Asset criticality considerations
Using CVSS
- Prioritize vulnerability remediation
- Communicate risk to stakeholders
- Track vulnerability trends
- Compare vulnerabilities consistently
- Meet compliance requirements