Common Vulnerability Scoring System for Penetration Testers
During penetration testing, we often have to send a report of the test and provide a rating for the vulnerabilities discovered. Here is an excellent vulnerability score calculator, the “Common Vulnerability Scoring System” calculator from the National Vulnerability Database.
Vulnerability reporting is an important step when closing out a penetration test. It is not just important to report the vulnerabilities; it is just as important to score them. The National Vulnerability Database (NVD) provides the scoring mechanism through CVSS (Common Vulnerability Scoring System).
What is CVSS
“The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. Its quantitative model ensures repeatable accurate measurement while enabling users to see the underlying vulnerability characteristics that were used to generate the scores. Thus, CVSS is well suited as a standard measurement system for industries, organizations, and governments that need accurate and consistent vulnerability impact scores. Two common uses of CVSS are prioritization of vulnerability remediation activities and in calculating the severity of vulnerabilities discovered on one’s systems. The National Vulnerability Database (NVD) provides CVSS scores for almost all known vulnerabilities.”
How to Use CVSS
The Common Vulnerability Scoring System (CVSS) is an easy way to score vulnerabilities.
First, we need to provide the Base Score Metrics:
- Exploitability Metrics
  - Access Vector
  - Access Complexity
  - Authentication
- Impact Metrics
  - Confidentiality Impact
  - Integrity Impact
  - Availability Impact
Then provide the Temporal Score Metrics:
- Exploitability (E)
- Remediation Level (RL)
- Report Confidence (RC)
Finally, provide the Environmental Score Metrics:
- Collateral Damage Potential (CDP)
- Target Distribution (TD)
Final Scores: the final scores are calculated based on the above three parameters:
- Base Scores
- Temporal Scores
- Environmental Scores
We get the overall score as the result.
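The three-stage calculation described above, as an added example (not part of the original post or the NVD tool): a small calculator for CVSS v2 vectors, using the weights and equations from the public CVSS v2 specification. The names `score` and `SAMPLE` and the sample vector are constructed for illustration; the security-requirement metrics (CR/IR/AR), which the lists above do not cover, are assumed Not Defined.

```python
from decimal import Decimal as D, ROUND_HALF_UP

# Weights from the public CVSS v2 specification; "ND" means Not Defined.
CIA = {"N": "0", "P": "0.275", "C": "0.660"}
W = {
    "AV": {"L": "0.395", "A": "0.646", "N": "1.0"},
    "AC": {"H": "0.35", "M": "0.61", "L": "0.71"},
    "Au": {"M": "0.45", "S": "0.56", "N": "0.704"},
    "C": CIA, "I": CIA, "A": CIA,
    "E": {"U": "0.85", "POC": "0.9", "F": "0.95", "H": "1.0", "ND": "1.0"},
    "RL": {"OF": "0.87", "TF": "0.90", "W": "0.95", "U": "1.0", "ND": "1.0"},
    "RC": {"UC": "0.90", "UR": "0.95", "C": "1.0", "ND": "1.0"},
    "CDP": {"N": "0", "L": "0.1", "LM": "0.3", "MH": "0.4", "H": "0.5", "ND": "0"},
    "TD": {"N": "0", "L": "0.25", "M": "0.75", "H": "1.0", "ND": "1.0"},
}
BASE = ("AV", "AC", "Au", "C", "I", "A")
SAMPLE = "AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C/CDP:H/TD:H"  # constructed

def _r1(x):
    """Round to one decimal place, halves up (exact, since x is a Decimal)."""
    return x.quantize(D("0.1"), rounding=ROUND_HALF_UP)

def score(vector):
    """Return (base, temporal, environmental) for a CVSS v2 vector string."""
    given = dict(part.split(":", 1) for part in vector.strip("()").split("/"))
    missing = [m for m in BASE if m not in given]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    w = {}
    for metric, table in W.items():
        value = given.get(metric, "ND")  # optional metrics default to Not Defined
        if value not in table:
            raise ValueError(f"bad value {value!r} for {metric}")
        w[metric] = D(table[value])
    impact = D("10.41") * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    t_mult = w["E"] * w["RL"] * w["RC"]

    def base_from(imp):
        f = D(0) if imp == 0 else D("1.176")  # no impact forces a base score of 0
        return _r1((D("0.6") * imp + D("0.4") * exploitability - D("1.5")) * f)

    base = base_from(impact)
    temporal = _r1(base * t_mult)
    # Assumption: CR/IR/AR are Not Defined, so adjusted impact is only capped at 10.
    adj_temporal = _r1(base_from(min(D(10), impact)) * t_mult)
    env = _r1((adj_temporal + (10 - adj_temporal) * w["CDP"]) * w["TD"])
    return float(base), float(temporal), float(env)
```

A vector that supplies only the six base metrics returns the base score for all three values, because every temporal and environmental metric falls back to Not Defined.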
If you are into penetration testing and vulnerability reporting, CVSS can prove very helpful when scoring vulnerabilities.