A security analyst is prioritizing vulnerabilities for a critical web server. Using the Common Vulnerability Scoring System (CVSS), the analyst identifies a remote code execution flaw with a calculated base score of 9.8. Based on standard CVSS v3.1 guidelines, how must this vulnerability be classified?
The Common Vulnerability Scoring System (CVSS) produces a score from 0.0 to 10.0, with higher scores indicating a more severe vulnerability. Scores are typically grouped into the severity ratings 'Low' (0.1-3.9), 'Medium' (4.0-6.9), 'High' (7.0-8.9), and 'Critical' (9.0-10.0). Therefore, a score of 9.8 falls into the 'Critical' category, indicating a very severe vulnerability that should be addressed as a top priority. The other terms are incorrect classifications within the CVSS framework.