During a recent vulnerability assessment, you have identified a security flaw within your company's web application. After research, you realize this flaw requires a sophisticated level of technical expertise to exploit, a specific set of circumstances to be present, and specialized access to network configurations. How would you categorize this flaw within the Common Vulnerability Scoring System (CVSS) in terms of Attack Complexity?
In the Common Vulnerability Scoring System (CVSS), an attack that requires a high level of skill, certain conditions, and specialized network access to be exploited is categorized as having "High" attack complexity. This indicates greater difficulty for attackers and reduces the base score compared with a "Low" complexity issue. "Medium" and "Variable" are not valid CVSS Attack Complexity values, and "Low" would describe an attack that can be executed easily without special conditions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'Attack Complexity' mean in CVSS?
Open an interactive chat with Bash
What are other key attributes in CVSS besides Attack Complexity?
Open an interactive chat with Bash
Why is it important to categorize vulnerabilities with CVSS?