From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
How attack complexity affects risk
From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1
How attack complexity affects risk
- [Instructor] Attack complexity is a simple metric compared to many of the others in the CVSS base group. Attack complexity is represented as AC in the CVSS vector string. Attack complexity only has two possible values, low and high. The value of low, represented by L in the vector string, means that no special situations are needed for an attack to be successful. The attacker can be reasonably certain of success when attacking a vulnerable system component. Since the likelihood of success is higher, the risk is too. The value of high, represented as H in the vector string, is selected in situations where a successful attack requires measurable effort on the attacker's part. Some examples of that sort of situation are needing to bypass or overcome mitigation techniques, like antivirus or anti-malware software, needing to understand specific details about the target system, or the environment, or its configurations, or…
Contents
-
-
-
-
-
(Locked)
The CVSS base metric group2m 28s
-
(Locked)
The attack vector metric2m 47s
-
(Locked)
How attack complexity affects risk1m 10s
-
(Locked)
The effects of the privileges required metric on risk1m 15s
-
(Locked)
User interaction and vulnerability risk47s
-
(Locked)
Confidentiality, integrity, and availability impact metrics3m 37s
-
(Locked)
Security scope in CVSS1m 29s
-
(Locked)
Challenge1m 43s
-
(Locked)
Solution2m 32s
-
(Locked)
-
-
-
-