Which CVSSv3 Attack Vector metric value requires the attacker to physically touch or manipulate the vulnerable component?
A. local
B. physical
C. network
D. adjacent
Which CVSSv3 Attack Vector metric value requires the attacker to physically touch or manipulate the vulnerable component?
A. local
B. physical
C. network
D. adjacent
reff: https://tools.cisco.com/security/center/resources/understanding-terminology.html
correct B
Attack Vector (AV): This metric reflects the context by which vulnerability exploitation is possible. This metric value and the base score will correlate with an attacker’s proximity to a vulnerable component. The score will be higher the more remote (logically and physically) an attacker is from the vulnerable component.
Local: Exploiting the vulnerability requires either physical access to the target or a local (shell) account on the target.
Adjacent: Exploiting the vulnerability requires access to the local network of the target, and cannot be performed across an OSI Layer 3 boundary.
Network: The vulnerability is exploitable from remote networks. Such a vulnerability is often termed “remotely exploitable,” and can be thought of as an attack being exploitable one or more network hops away, such as across Layer 3 boundaries from routers.
Physical: A vulnerability exploitable with physical access requires the attacker to physically touch or manipulate the vulnerable component.