From the course: CompTIA CySA+ (CS0-002) Cert Prep: 2 Vulnerability Management (2020)


Interpreting CVSS scores


- [Instructor] Once we've assigned ratings to the individual CVSS metrics, we can combine them to determine the CVSS-based score. I'll show you an example of that in just a moment. First, let's take a look at a vulnerability report from a server where Nessus detected support for the outdated SSL protocol. Here's the CVSS version three vector for this vulnerability. It looks like just a long string of characters, but now we have the information that we need to make sense of it. Let's go ahead and interpret this CVSS string piece by piece. AV:N means that the access vector is network. An attacker can exploit this vulnerability remotely over the network. AC:L means that the attack complexity is low. It would be easy to exploit this vulnerability. PR:N means that there are no special privileges required to execute the vulnerability. The attacker does not need an existing user or administrator account on the target system.…
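The piece-by-piece reading and the combination into a base score described above, as an added example that is not part of the course material: a Python decoder and base-score calculator using the metric weights and formulas of the CVSS v3.1 specification. The sample vector is constructed for illustration (only AV:N, AC:L and PR:N appear in the transcript), and the v3.1 rounding rule is assumed for both 3.0 and 3.1 vectors.

```python
import math
# Base-metric tables from the CVSS v3.1 specification: code -> (label, weight).
CIA = {"H": ("High", 0.56), "L": ("Low", 0.22), "N": ("None", 0.0)}
METRICS = {
    "AV": ("Attack Vector", {"N": ("Network", 0.85), "A": ("Adjacent", 0.62),
                             "L": ("Local", 0.55), "P": ("Physical", 0.2)}),
    "AC": ("Attack Complexity", {"L": ("Low", 0.77), "H": ("High", 0.44)}),
    "PR": ("Privileges Required", {"N": ("None", 0.85), "L": ("Low", 0.62),
                                   "H": ("High", 0.27)}),
    "UI": ("User Interaction", {"N": ("None", 0.85), "R": ("Required", 0.62)}),
    "S": ("Scope", {"U": ("Unchanged", None), "C": ("Changed", None)}),
    "C": ("Confidentiality", CIA), "I": ("Integrity", CIA), "A": ("Availability", CIA),
}

def parse_vector(vector):
    # Split a base vector into {metric: value}; reject malformed input.
    prefix, *parts = vector.strip().split("/")
    if prefix not in ("CVSS:3.0", "CVSS:3.1"):
        raise ValueError(f"not a CVSS v3 vector: {prefix!r}")
    chosen = {}
    for part in parts:
        key, _, val = part.partition(":")
        if key not in METRICS or val not in METRICS[key][1] or key in chosen:
            raise ValueError(f"unknown or repeated metric: {part!r}")
        chosen[key] = val
    if set(chosen) != set(METRICS):
        raise ValueError(f"missing: {sorted(set(METRICS) - set(chosen))}")
    return chosen

def describe(vector):
    return [f"{METRICS[k][0]}: {METRICS[k][1][v][0]}" for k, v in parse_vector(vector).items()]

def roundup(x):  # v3.1 Roundup: smallest one-decimal value >= x
    n = round(x * 100000)
    return n / 100000.0 if n % 10000 == 0 else (math.floor(n / 10000) + 1) / 10.0

def base_score(vector):
    m = parse_vector(vector)
    w = {k: METRICS[k][1][v][1] for k, v in m.items()}
    changed = m["S"] == "C"
    if changed and m["PR"] != "N":  # PR weighs more when scope changes
        w["PR"] = {"L": 0.68, "H": 0.5}[m["PR"]]
    iss = 1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"])
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    if impact <= 0:
        return 0.0
    total = impact + 8.22 * w["AV"] * w["AC"] * w["PR"] * w["UI"]
    return roundup(min(1.08 * total if changed else total, 10))
# Constructed sample: only AV:N, AC:L and PR:N come from the transcript.
SAMPLE = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
print(describe(SAMPLE), base_score(SAMPLE))
```

The parser accepts base metrics only, so a vector that also carries temporal or environmental metrics is rejected rather than silently scored.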
