During a security assessment, an organization noticed a flaw that allows external attackers to trigger unwanted actions on a web portal. They plan to measure its severity using a well-known scoring model. Which factor focuses on how the exploit is delivered, including whether it needs local access or can be initiated through a network?
The correct factor is Attack Vector. This metric accounts for the method by which an attacker deploys or triggers the exploit, such as over a network or through local physical access. The other metrics serve different purposes. Privileges Required measures credential levels needed during or after the exploit, Scope measures authorization impacts that extend beyond the original boundaries, and Confidentiality Impact measures how data privacy is affected. Attack Vector is most relevant to how the exploit itself is delivered.