
CVSS (Common Vulnerability Scoring System) Scoring Rules Interpretation

2024-08-21 22:29:16

CVSS (Common Vulnerability Scoring System) provides a method for scoring vulnerabilities based on their key characteristics, reflecting their severity. CVSS has become a widely used standard.

Following the Base Score interface of the CVSS version 3.1 calculator (shown as a screenshot in the original), this article explains the scoring criteria of the Base Score and provides some suggestions. It also translates each option of every dimension.

Attack Vector
  • Network: the attack comes over the WAN or LAN.
  • Adjacent: the attacker must operate near the device, for example over Bluetooth or NFC, or within the local IP subnet; the attack cannot cross routers.
  • Local: the attack is carried out by running a program on the device.
  • Physical: the attack is carried out by manual physical manipulation of the device.

Network 

A "network-accessible exploitable vulnerability" means that the vulnerable component is bound to the network stack and the attacker's path passes through OSI Layer 3 (the network layer). This type of vulnerability is often referred to as "remotely exploitable" and can be understood as one that is exploitable from one or more network hops away.

Adjacent 

A "vulnerability that can be exploited via adjacent network access" means that the vulnerable component is bound to the network stack, but the attack is limited to the same shared physical network (e.g., Bluetooth, IEEE 802.11) or logical network (e.g., a local IP subnet), and cannot be carried out across OSI Layer 3 (e.g., a router).

Local 

A "vulnerability that can be exploited via local access" means that the vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities. In some cases, an attacker may need to log in locally to exploit the vulnerability; otherwise, she may rely on user interaction to execute malicious files.

Physical 

A "vulnerability that can be exploited via physical access" means that the attacker must physically touch or manipulate the vulnerable component.

Attack Complexity
  • Low: no prerequisites; the attack succeeds repeatably.
  • High: success depends on conditions that are beyond the control of the attacker.

Low 

There are no special access conditions or extenuating circumstances for executing an attack. An attacker can expect repeated success against the vulnerable component.

High 

A successful attack depends on conditions beyond the control of the attacker. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest a measurable amount of effort in preparing for or executing the attack against the vulnerable component before a successful attack can be expected. For example, a successful attack may require the attacker to: perform target-specific reconnaissance; prepare the target environment to increase the reliability of the exploit; or inject himself into the logical network path between the target and the resources requested by the victim in order to read and/or modify the network traffic (e.g., a man-in-the-middle attack).

Privileges Required
  • None: the attacker does not need to log in or be authorized.
  • Low: the attacker needs low-level authorization, such as that of a standard user.
  • High: the attacker needs access as a high-privilege user, such as admin.

None 

The attacker is unauthorized prior to the attack and therefore does not need any access to settings or files to execute the attack.

Low 

Attackers are granted (i.e., require) privileges that provide basic user functionality that would normally only affect user-owned settings and files. Alternatively, an attacker with low privileges may only be able to affect non-sensitive resources.

High 

Attackers are granted (i.e., need) permissions that provide important (e.g., administrative) control over vulnerable components, which may affect component-wide settings and files.

User Interaction
  • None: the attack can be launched unconditionally, without any prior action by a legitimate user.
  • Required: the attacker must wait until a legitimate user has brought the system into a specific state.

None

Vulnerable systems can be exploited without any user interaction.

Required

To successfully exploit this vulnerability, the user will need to perform a number of actions before the vulnerability can be exploited.

Scope
  • Unchanged: only the component itself is affected.
  • Changed: the impact extends beyond the component itself, for example by providing an entry point for running operating system commands.

Unchanged

An exploited vulnerability can only affect resources that are managed by the same security authority. In this case, the vulnerable component and the affected component are either the same or managed by the same security authority.

Changed

An exploited vulnerability may affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the affected component are distinct and managed by different security authorities.

Confidentiality
  • None: no sensitive information is compromised.
  • Low: unauthenticated or unauthorized users can view information beyond their rights, with minor consequences.
  • High: information is leaked whose disclosure has serious repercussions, such as passwords.

None

There is no loss of confidentiality within the affected component.

Low

There is some loss of confidentiality. There is access to some restricted information, but the attacker has no control over what is accessed, or the amount or type of loss is limited. Information leakage does not result in direct, severe damage to affected components.

High

Confidentiality is completely lost, resulting in all resources in the affected component being disclosed to the attacker. Alternatively, only some restricted information can be accessed, but the disclosure can have immediate and serious implications.

Integrity
  • None: the data cannot be tampered with.
  • Low: the scope of tampering is limited and the consequences are not serious.
  • High: the scope of tampering is uncontrollable and the consequences are severe.

None

There is no loss of integrity within the affected component.

Low

Data can be modified, but the attacker has no control over the consequences of the modification or the amount of modification is limited. Data modifications do not have a direct, severe impact on affected components.

High

Complete loss of integrity, or complete loss of protection. For example, an attacker is able to modify any/all files protected by the affected component. Alternatively, only a few files can be modified, but malicious modifications can have immediate and severe consequences for the affected component.

Availability
  • None: the system works normally for legitimate users.
  • Low: use by legitimate users is affected, but not significantly.
  • High: legitimate users cannot use the system properly.

None

There is no impact on availability within the affected component.

Low

Performance is degraded or resource availability is interrupted. Even if the vulnerability could be exploited repeatedly, an attacker would not be able to completely deny service to legitimate users. Resources in the affected component are either always partially available or fully available only part of the time, but overall, there are no immediate serious consequences for the affected component.

High

A complete loss of availability results in an attacker being able to completely deny access to resources in the affected component; this loss is either continuous (while the attacker continues with the attack) or long-lasting (even after the attack is complete). Alternatively, the attacker has the ability to deny some availability, but the loss of availability has immediate and severe consequences for the affected component (e.g., the attacker cannot interrupt existing connections, but can block new ones; the attacker can repeatedly exploit a vulnerability that leaks only a small amount of memory in the case of each successful attack, but causes the service to become completely unavailable after repeated exploitation).