From the course: Security Testing: Vulnerability Management with Nessus

Interpreting CVSS scores

- [Narrator] Once we've assigned ratings to the six individual CVSS metrics, we can combine them to determine the CVSS Score. Let's take a look at an example using a real scan report. Here's a SQL injection vulnerability report from Nessus. You've seen this report before. If I scroll down past the initial information about the vulnerability, the description and the solution, I see the CVSS Base Score assigned to this vulnerability. This long character string provides me with some important information. First, the number provides the CVSS summary score for this vulnerability; it has a CVSS score of 7.5. Then the long string that appears next to the number in parentheses describes the values assigned to each one of the six CVSS metrics. Let's explore that string piece by piece. The first metric is the attack vector. Here, the attack vector is set to a value of N for network. An attacker can exploit this SQL injection vulnerability remotely over the network. AC:L means that the…
