During a security assessment, an organization noticed a flaw that allows external attackers to trigger unwanted actions on a web portal. They plan to measure its severity using a well-known scoring model. Which factor focuses on how the exploit is delivered, including whether it needs local access or can be initiated through a network?
The correct factor is Attack Vector. This metric accounts for the method by which an attacker deploys or triggers the exploit, such as over a network or through local physical access. The other metrics serve different purposes. Privileges Required measures credential levels needed during or after the exploit, Scope measures authorization impacts that extend beyond the original boundaries, and Confidentiality Impact measures how data privacy is affected. Attack Vector is most relevant to how the exploit itself is delivered.