Which CVSSv3 metric captures the level of access that is required for a successful attack?
A. attack vector
B. attack complexity
C. privileges required
D. user interaction
Which CVSSv3 metric captures the level of access that is required for a successful attack?
https://www.first.org/cvss/user-guide
2.4. Privileges Required
The new metric, Privileges Required, replaces the Authentication metric of v2.0. Instead of measuring the number of times an attacker must separately authenticate to a system, Privileges Required captures the level of access required for a successful attack. Specifically, the metric values High, Low, and None reflect the privileges required by an attacker in order to exploit the vulnerability.
Correct Answer = Privileges Required
Ans: C
https://www.first.org/cvss/user-guide
2.4. Privileges Required
The new metric, Privileges Required, replaces the Authentication metric of v2.0. Instead of measuring the number of times an attacker must separately authenticate to a system, Privileges Required captures the level of access required for a successful attack. Specifically, the metric values High, Low, and None reflect the privileges required by an attacker in order to exploit the vulnerability.
ans: C
CVSS v3.0 Base Metrics
The base metric group represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. It is composed of two sets of metrics: the exploitability metrics (attack vector, attack complexity, privileges required, user interaction, scope) and the impact metrics (confidentiality, integrity, availability).
Attack Vector (AV): This metric reflects the context by which vulnerability exploitation is possible.
Attack Complexity (AC): This metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability.
Privileges Required (PR): This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.
User Interaction (UI): This metric indicates whether or not a user other than the attacker must participate in order the exploitation of a vulnerability to succeed.
Agreed.
Nop its C because privileges determine your level of access such as top secret, full access, limited access etc
but attack complexity only determines the effort needed to gain access
i think the answer is A,
what do u think ?
It is A
Attack Vector (AV) represents the level of access an attacker needs to
have to exploit a vulnerability. It can assume four values:
Network (N)
Adjacent (A)
Local (L)
Physical (P)
YOUR WRONG