A security team is analyzing a flaw in a web system across different use cases. Which situation would typically be scored as the highest risk under widely recognized severity guidelines?
It can be triggered through a publicly reachable interface that requires low privileges
It is exploited by local administrators using debugging tools
It depends on physical access to restricted hardware used by administrative staff
It requires user confirmation before the flaw can be used
Attacks that can be executed from a publicly reachable point with low requirements usually receive higher scores due to broader impact and ease of exploitation. Conditions needing special access or advanced tools frequently reduce a vulnerability’s score because attackers face bigger hurdles. Reliance on extra user action can also lower the severity, because the attack requires one more step to complete.