Which CVSSv3 metric value increases when the attacker is able to modify all files protected by the vulnerable component?

Which CVSSv3 metric value increases when the attacker is able to modify all files protected by the vulnerable component?
A. confidentiality
B. integrity
C. availability
D. complexity

cisco-exams

5 thoughts on “Which CVSSv3 metric value increases when the attacker is able to modify all files protected by the vulnerable component?

  1. CVSSv3
    Consider a vulnerability in an Internet service such as web, email, or DNS that allows an attacker to modify or delete all web files in a directory would incur an impact to Integrity only, rather than Availability. The reason is that the web service is still performing properly – it just happens to be serving back altered content.
    ANSWER = B

    1. Yep, Ray is spot on. Good def reference. This Q is tricky – confidentiality relates to resources being divulged whereas integrity is the possibility of all files being modified) So B for sure.

  2. Answer is B
    Excerpt from CVSSv3 Base Metric text:
    Integrity Impact (I): This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information.
    High: There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any or all files that are protected by the impacted component. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the impacted component.

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.