Common Vulnerability Scoring System for Penetration Testers

Common Vulnerability Scoring System for Penetration Testers

During Penetration Testing , we often have to send the report of the test , and provide the rating for the Vulnerabilities discovered during the test . Here is an Excellent Vulnerability score

cvss

calculator Common Vulnerability Scoring System from National Vulnerability Database .

This Vulnerability reporting is important step when closing a penetration step . Well it’s not just important to report the vulnerabilities , but it is as important to Score these vulnerabilities . National Vulnerability Database “NVD” provides the scoring mechanism through  CVSS “ (Common Vulnerability Scoring System) .

Here is the Screenshot of the Tool :

CVSS

What is CVSS 

“The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. Its quantitative model ensures repeatable accurate measurement while enabling users to see the underlying vulnerability characteristics that were used to generate the scores. Thus, CVSS is well suited as a standard measurement system for industries, organizations, and governments that need accurate and consistent vulnerability impact scores. Two common uses of CVSS are prioritization of vulnerability remediation activities and in calculating the severity of vulnerabilities discovered on one’s systems. The National Vulnerability Database (NVD) provides CVSS scores for almost all known vulnerabilities.”

How to Use CVSS 

Common Vulnerability Scoring System “CVSS” is an easy way to score the vulnerabilities .

First We Need to provide the Base Score Metrics: 

  • Exploitability Metrics
    • Access Vector
    • Access Complexity
    • Authentication
  • Impact Metrics
    • Confidentiality Impact
    • Integrity Impact
    • Availability Impact

Then Provide the Temporal Score Metrics

  • Exploitability (E)
  • Remediation Level (RL)
  • Report Confidence(RC)

Provide the Environmental Score Metrics

  • Collateral Damage Potential (CDP)
  • Target Distribution (TD)

Final Scores :  The Final Scores are Calculated Based the above 3 Parameters :

Base Scores

Temporal Scores

Environmental Scores

We Get the Overall Score as the result .

If you are into penetration testing and Vulnerability Reporting then CVSS can prove very helpful when scoring the Vulnerabilities .

Link to the Tool : Here

#Please Share , Like or Comment if this Post was helpful !

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s