From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1

Making sense of the CVSS vector string

- [Instructor] When you get vulnerability scan results back or you're researching a particular vulnerability in the NVD or on a vendor's website, sometimes there's this thing returned called the vector string, and quite frankly, it looks like a lot of nonsense. Really, the vector string is your quick reference guide, or cheat sheet, to the base metrics in a specific vulnerability. The vector string takes each of the components of the base metrics, remember those are the things that do not change, and shortens them into a format that is easily interpreted once you know the basics of the base metrics group. Each vector string will always start with the text CVSS, followed by a colon, and then the version number, in this case 3.1. Then it's followed by a forward slash. After that first forward slash starts the abbreviated representation of the metric names and their assigned values, or a metric name-value pair. I'll…
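The format described above can be checked mechanically. The following parser is an added example, not part of the course material: it validates the `CVSS:3.1` prefix and expands each base metric name-value pair using the abbreviations defined in the CVSS v3.1 specification. The function name `parse_vector` and the sample vector are constructed for illustration, and only base metrics are handled.

```python
# Added example: parse and validate a CVSS v3.1 base vector string.
# Abbreviations and allowed values follow the CVSS v3.1 base metric group.
BASE_METRICS = {
    "AV": ("Attack Vector", {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"}),
    "AC": ("Attack Complexity", {"L": "Low", "H": "High"}),
    "PR": ("Privileges Required", {"N": "None", "L": "Low", "H": "High"}),
    "UI": ("User Interaction", {"N": "None", "R": "Required"}),
    "S": ("Scope", {"U": "Unchanged", "C": "Changed"}),
    "C": ("Confidentiality", {"H": "High", "L": "Low", "N": "None"}),
    "I": ("Integrity", {"H": "High", "L": "Low", "N": "None"}),
    "A": ("Availability", {"H": "High", "L": "Low", "N": "None"}),
}


def parse_vector(vector):
    """Return {metric name: value name} for a CVSS v3.1 base vector.

    Raises ValueError on a wrong prefix, an unknown metric or value,
    a duplicated metric, or a missing base metric.
    """
    prefix, _, rest = vector.strip().partition("/")
    if prefix != "CVSS:3.1":
        raise ValueError(f"expected prefix 'CVSS:3.1', got {prefix!r}")
    parsed = {}
    for pair in rest.split("/"):
        abbrev, sep, value = pair.partition(":")
        if not sep or abbrev not in BASE_METRICS:
            raise ValueError(f"unknown or malformed metric: {pair!r}")
        name, values = BASE_METRICS[abbrev]
        if value not in values:
            raise ValueError(f"invalid value {value!r} for {name}")
        if name in parsed:
            raise ValueError(f"metric {abbrev} appears more than once")
        parsed[name] = values[value]
    missing = [a for a, (n, _) in BASE_METRICS.items() if n not in parsed]
    if missing:
        raise ValueError(f"missing base metrics: {', '.join(missing)}")
    return parsed


if __name__ == "__main__":
    # Constructed sample vector, not taken from the course.
    sample = "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
    for metric, value in parse_vector(sample).items():
        print(f"{metric:20} {value}")
```

Rejecting incomplete or malformed vectors matters when scanner output is ingested automatically, since a silently dropped metric would change how the finding is prioritized.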
