Questions tagged [cvss]

Use `cvss` if your question is related to the Common Vulnerability Scoring System.

The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS consists of three metric groups: Base, Temporal, and Environmental. The Base group represents the intrinsic qualities of a vulnerability that are constant over time and across user environments, the Temporal group reflects the characteristics of a vulnerability that change over time, and the Environmental group represents the characteristics of a vulnerability that are unique to a user's environment.

59 questions
3 votes, 1 answer

Relationship between CVSS and Risk Level in Nessus output data

In a Nessus output file, does the Risk Level (e.g. Critical, High, Medium, Low, None) depend on the CVSS score? What relationship, if any, do the Risk Level and CVSS have? Thank yo
silverlight
3 votes, 1 answer

How to rate a CVSS score for a vulnerability on an identity provider

I'm having difficulty rating a CVSS for an Identity Provider. Imagine you have a vulnerability where you can bypass an authentication mechanism. How would you rate: Confidentiality (C) Integrity (I) Availability (A) as you don't with which…
Kantium
3 votes, 4 answers

Risk of web admin portal without extra authentication steps

More of a philosophical question, suppose there is one behavior which allows an attacker to do something with high impact but by itself cannot be used to cause that impact. For example, internet accessible admin portal which even though still…
thevpt
3 votes, 3 answers

CVSS Score for self-XSS (stored XSS)

I have a web application which is vulnerable to a stored, self-XSS attack. Proper encoding is not done in the place where the data from a database (set by the same user) is added to response. However, this XSS can be considered as not self-XSS…
NShani
3 votes, 1 answer

CVSS Score Remote or Local Scenario

I have to deal with a lot of CVSSv2 and CVSSv3 scores for many, many years. What troubles me like forever is what default attack scenario shall be defined for a vulnerability. Let's take a malicious Office document as an example. As soon as it is…
3 votes, 1 answer

CVSS Temporal Data

The CVSS standard has a "temporal" component that models the changing risk associated with a vulnerability over time, such as the publication of a working exploit. But NIST's NVD doesn't provide that kind of temporal information. Do you know of any…
Mark E. Haase
3 votes, 2 answers

Why is XSS scored with partial impact to integrity in CVSS V2?

From the CVSS v2 complete guide: "SCORING TIP #2: When scoring a vulnerability, consider the direct impact to the target host only. For example, consider a cross-site scripting vulnerability: the impact to a user's system could be much greater…
Matt Elson
2 votes, 2 answers

How to calculate CVSS of an attack so that it matches those in CVEs?

I have drawn an attack graph for a file-sharing application (e.g. Dropbox) where a database stores details of virtual machines, e.g. memory space left, etc. I've listed some possible attacks: The attacker can reduce the memory size assigned by some…
2 votes, 2 answers

CVSS and chained vulnerabilities

Let's say a website has two vulnerabilities: Information Disclosure, reflected XSS. Their impact by themselves is limited on the specific site, but when chained together, the impact is raised too high (e.g. transfer money to another account) What…
tturbox
2 votes, 2 answers

Is it correct to assign a CVSS to a misconfiguration?

This morning, talking to a colleague, we were discussing the correctness of assigning a CVSS to a bad configuration. Specifically, we were discussing whether using HTTP instead of HTTPS should have an associated vector. From my point of view, a…
vuln newbie
2 votes, 0 answers

What is the correct CVSS “Privileges Required” score for a local privilege escalation where the vulnerable component doesn’t do authorization?

A locally installed application, which runs a daemon as root, creates a directory which is world-writable. By changing files in this world-writable directory, it’s possible to cause the daemon to execute arbitrary code as root. Reviewing the…
C Snover
2 votes, 3 answers

Do I need to worry about vulnerabilities that require administrative privileges to exploit?

I am currently evaluating the impact that the recent NUC Firmware Advisory has on our machines. What confuses me is the fact that those vulnerabilities are scored with a high risk score, but require(!) administrative privileges to exploit (CVSS:…
Heinzi
2 votes, 1 answer

How to rate CVSS3's "Privileges Required" when an attacker can create an account?

The Common Vulnerability Scoring System Version 3.0 rates the severity of vulnerability depending on factors such as: Attack Vector (AV) - What kind of access does an attacker need? Can they do it over the net or do they need physical…
user163495
2 votes, 2 answers

Does the CVSS impact score correspond to probability?

From http://nvd.nist.gov/cvsseq2.htm, I noticed that the CVSS standard attributes the following impact values for confidentiality, integrity and availability: 0 for none impact, 0.275 for partial impact and 0.66 for complete impact. My…
Mely
2 votes, 1 answer

Why do CVSS scores change?

In the National Vulnerability Database page (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0778), from the change history, we can see CVSS v3 scores have been changed over time. For example, CVE-2016-0778 has this CVSS score when it was…