Nodeware utilizes the industry standard Common Vulnerability Scoring System (CVSS) scoring as developed by FIRST.org to assign weights to individual vulnerabilities. Nodeware is version 3.1 compliant as specified in the official documentation.
CVSS provides a way to capture vulnerability characteristics as well as provide a numerical score that reflects the severity based on several factors. These include the access level required to exploit a vulnerability and availability of mitigations and exploits.
Utilizing industry standards, such as CVSS allows Nodeware to integrate with other security tools and software, as well as align with organization security policies. Industry compliance requirements, like PCI DSS, often require correlation of vulnerabilities to CVSS standard scoring.
Score Categories
Critical (9.0 - 10.0)
Vulnerabilities that score in the critical range usually have most of the following characteristics:
- Exploitation of the vulnerability likely results in root-level compromise of servers or infrastructure devices.
- Exploitation is usually straightforward, in the sense that the attacker does not need any special authentication credentials or knowledge about individual victims, and does not need to persuade a target user, for example via social engineering, into performing any special functions.
For critical vulnerabilities, is advised that you patch or upgrade as soon as possible, unless you have other mitigating measures in place.
High (7.0 - 8.9)
Vulnerabilities that score in the high range usually have some of the following characteristics:
- The vulnerability is difficult to exploit.
- Exploitation could result in elevated privileges.
- Exploitation could result in a significant data loss or downtime.
Medium (4.0 - 6.9)
Vulnerabilities that score in the medium range usually have some of the following characteristics:
- Vulnerabilities that require the attacker to manipulate individual victims via social engineering tactics.
- Denial of service vulnerabilities that are difficult to set up.
- Exploits that require an attacker to reside on the same local network as the victim.
- Vulnerabilities where exploitation provides only very limited access.
- Vulnerabilities that require user privileges for successful exploitation.
Low (0.1 - 3.9)
Vulnerabilities in the low range typically have very little impact on an organization's business. Exploitation of such vulnerabilities usually requires local or physical system access.
Info
Informational findings are not scored as they do not present risk, they are included to provide additional context.
Comments
0 comments
Please sign in to leave a comment.