From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1
Join today to access over 22,700 courses taught by industry experts or purchase this course individually.
The effects of the privileges required metric on risk
From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1
The effects of the privileges required metric on risk
- [Instructor] Privileges Required, represented as PR in the vector string, describes the privileges needed before an attack begins in order for the attack to complete successfully. Three possible values exist for the privileges required metric. None represented by N, low L, and high H. The highest risk is none, and the lowest is high. None is the highest risk value because it indicates that an attacker doesn't need any level of permission to exploit the vulnerability. Any attacker can be successful. This is usually a situation where the attack can be launched over the network. The low value means that the attacker needs a basic level of access to the system. An example would be a standard user that does not have any administrative rights on a system. A privileges required value of high means that the attacker must have elevated permissions like local administrator rights, before the attack begins. Risk decreases as…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
-
(Locked)
The CVSS base metric group2m 28s
-
(Locked)
The attack vector metric2m 47s
-
(Locked)
How attack complexity affects risk1m 10s
-
(Locked)
The effects of the privileges required metric on risk1m 15s
-
(Locked)
User interaction and vulnerability risk47s
-
(Locked)
Confidentiality, integrity, and availability impact metrics3m 37s
-
(Locked)
Security scope in CVSS1m 29s
-
(Locked)
Challenge1m 43s
-
(Locked)
Solution2m 32s
-
(Locked)
-
-
-
-