these metrics result in a base score of 6.4. If the vulnerability is exploited to cause a denial of service, the Availability Impact is set to “Complete”. Together, the metrics produce a base score of 7.8. Since this is the highest possible base score of the exploitation options, it is used as the base score. The base vector for this vulnerability is therefore: AV:N/AC:L/Au:N/C:N/I:N/A:C. Exploit code is known to exist and therefore Exploitability is set to “Functional”. The Apache foundation has released patches for this vulnerability (available to both 1.3 and 2.0) and so Remediation Level is “Official-Fix”. Naturally, report confidence is “Confirmed”. These metrics adjust the base score to give a temporal score of 6.4. Assuming that availability is more important than usual for the targeted systems, and depending on the values for Collateral Damage Potential and Target Distribution, the environmental score could vary between 0.0 (“None”, “None”) and 9.2 (“High”, “High”). The results are summarized below.

---------------------------------------------------
BASE METRIC                 EVALUATION        SCORE
---------------------------------------------------
Access Vector               [Network]        (1.00)
Access Complexity           [Low]            (0.71)
Authentication              [None]          (0.704)
Confidentiality Impact      [None]           (0.00)
Integrity Impact            [None]           (0.00)
Availability Impact         [Complete]       (0.66)
---------------------------------------------------
BASE FORMULA                             BASE SCORE
---------------------------------------------------
Impact = 10.41*(1-(1)*(1)*(0.34)) == 6.9
Exploitability = 20*0.71*0.704*1 == 10.0
f(Impact) = 1.176
BaseScore = (0.6*6.9 + 0.4*10.0 - 1.5)*1.176 == (7.8)
---------------------------------------------------

---------------------------------------------------
TEMPORAL METRIC             EVALUATION        SCORE
---------------------------------------------------
Exploitability              [Functional]     (0.95)
Remediation Level           [Official-Fix]   (0.87)
Report Confidence           [Confirmed]      (1.00)
---------------------------------------------------
TEMPORAL FORMULA                     TEMPORAL SCORE
---------------------------------------------------
round(7.8 * 0.95 * 0.87 * 1.00) == (6.4)
---------------------------------------------------

---------------------------------------------------
ENVIRONMENTAL METRIC        EVALUATION        SCORE
---------------------------------------------------
Collateral Damage Potential [None - High] {0 - 0.5}
Target Distribution         [None - High] {0 - 1.0}
Confidentiality Req.        [Medium]          (1.0)
Integrity Req.              [Medium]          (1.0)
Availability Req.           [High]           (1.51)

THE COMMON VULNERABILITY SCORING SYSTEM (CVSS) AND ITS APPLICABILITY TO FEDERAL AGENCY SYSTEMS

---------------------------------------------------
ENVIRONMENTAL FORMULA           ENVIRONMENTAL SCORE
---------------------------------------------------
AdjustedImpact = min(10, 10.41*(1-(1-0*1)*(1-0*1)*(1-0.66*1.51))) == (10.0)
AdjustedBase = ((0.6*10)+(0.4*10.0)-1.5)*1.176 == (10.0)
AdjustedTemporal == (10*0.95*0.87*1.0) == (8.3)
EnvScore = round((8.3+(10-8.3)*{0-0.5})*{0-1}) == (0.00 - 9.2)
-------------------...
