From the course: CompTIA CySA+ (CS0-002) Cert Prep: 2 Vulnerability Management (2020)
Interpreting CVSS scores
- [Instructor] Once we've assigned ratings to the individual CVSS metrics, we can combine them to determine the CVSS-based score. I'll show you an example of that in just a moment. First, let's take a look at a vulnerability report from a server where Nessus detected support for the outdated SSL protocol. Here's the CVSS version three vector for this vulnerability. It looks like just a long string of characters, but now we have the information that we need to make sense of it. Let's go ahead and interpret this CVSS string piece by piece. AV:N means that the access vector is network. An attacker can exploit this vulnerability remotely over the network. AC:L means that the attack complexity is low. It would be easy to exploit this vulnerability. PR:N means that there are no special privileges required to execute the vulnerability. The attacker does not need an existing user or administrator account on the target system.…