From the course: CompTIA CySA+ (CS0-002) Cert Prep: 2 Vulnerability Management (2020)
Join today to access over 22,500 courses taught by industry experts or purchase this course individually.
CVSS (Common Vulnerability Scoring System)
From the course: CompTIA CySA+ (CS0-002) Cert Prep: 2 Vulnerability Management (2020)
CVSS (Common Vulnerability Scoring System)
- [Instructor] Let's dig in to the Common Vulnerability Scoring System, or CVSS, because you'll see that used on scan reports. CVSS assigns a score to each vulnerability on a 10-point scale. We can figure out a base CVSS score by evaluating eight different metrics and then combining the results. The first metric is the Attack Vector metric. This describes the type of access that an attacker must have to exploit a vulnerability. The value for this metric can be Physical, meaning that the attacker must be able to physically touch or manipulate the target system, it can be Local, meaning that the attacker must have physical or logical access to the system's console, or it can be Adjacent Network, meaning that the attacker must have access to the system's local network, or it can just be Network, meaning that the vulnerability is remotely exploitable. The second metric is the Attack Complexity metric. This metric…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.