From the course: Vulnerability Management with Nessus
Interpreting CVSS scores - Nessus Tutorial
Interpreting CVSS scores
- [Instructor] Once we've assigned ratings to the individual CVSS metrics, we can combine those ratings to determine the base CVSS score. Let's walk through an example. Here's the CVSS vector for a vulnerability where Nessus detected support for the outdated SSL protocol. Now, it looks like just a string of characters, but we now have the information that we need to make sense of it. First, we see here that the string was created using CVSS version 4.0, so we know what tools to use to interpret it. AV:N means that the attack vector is network. An attacker can exploit this vulnerability remotely over the network. AC:L means that the attack complexity is low. It would be easy to exploit this vulnerability. AT:N means that the attack requirements are none. There are no special conditions necessary to exploit this vulnerability. PR:N means that there are no special privileges required to execute the vulnerability. The attacker does not need an existing user or administrator account. UI N…