Common Vulnerability Scoring System


CVSS (Common Vulnerability Scoring System) is a free and open industry standard, maintained by FIRST (the Forum of Incident Response and Security Teams), for assessing the severity of software vulnerabilities. It produces a numerical score from a vulnerability's exploitability and impact characteristics, and that score is widely used to prioritize vulnerability remediation. The score measures technical severity, not the risk a flaw poses to a specific organization; risk also depends on the affected asset, compensating controls, and whether a working exploit exists, which is what the Temporal and Environmental metrics described below are meant to capture.

Here's a breakdown of the key aspects of CVSS:

  • Standardization: CVSS provides a standardized way to measure and describe the severity of vulnerabilities. This allows for consistent communication and comparison of vulnerability impact across different systems and organizations.

  • Components: CVSS v3.x consists of three metric groups (CVSS v4.0 keeps the Base and Environmental groups, renames Temporal to Threat, and adds a non-scoring Supplemental group):

    • Base Metric Group: This group represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. It includes attack vector, attack complexity, privileges required, user interaction, scope, and the confidentiality, integrity and availability impacts.

    • Temporal Metric Group: This group represents characteristics that change over time but not across user environments: exploit code maturity, remediation level, and report confidence. Each temporal factor is at most 1.0, so a Temporal score can only lower the Base score, for example when a vendor fix is available or the only public exploit is a proof of concept.

    • Environmental Metric Group: This group represents characteristics specific to a particular user's environment. It lets an organization override Base metrics with values that reflect its own deployment (the Modified Base metrics) and weight confidentiality, integrity and availability by how much each matters for the affected asset (the Security Requirements CR, IR and AR), tailoring the score to its risk tolerance and security controls.

  • Scoring: CVSS produces a score between 0.0 and 10.0, reported to one decimal place, where higher scores indicate greater severity. The Base score is computed from the Base metrics alone, and it is the number vulnerability databases publish; the Temporal and Environmental scores are derived from it by applying the respective metric groups, so they refine the Base score rather than contributing to a single combined total.

  • Severity Ratings: CVSS v3.x maps scores to qualitative ratings: None (0.0), Low (0.1–3.9), Medium (4.0–6.9), High (7.0–8.9) and Critical (9.0–10.0). Alongside the score, a vector string such as CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H records the individual metric values, so a reader can see why a vulnerability scored as it did rather than just the number.

ThreatNG and CVSS

ThreatNG incorporates CVSS to provide a standardized measure of vulnerability severity, aiding in risk prioritization and management.

1. Intelligence Repositories

  • DarCache Vulnerability: ThreatNG's core vulnerability intelligence repository, which uses CVSS for severity scoring.

    • NVD (DarCache NVD): ThreatNG ingests data from the National Vulnerability Database (NVD), which publishes a CVSS Base score, vector string and severity rating for each CVE it analyzes, giving users a standardized way to assess the potential impact of a vulnerability. NVD supplies Base scores only, so any Temporal or Environmental adjustment has to be applied on top of the ingested data.

2. How ThreatNG Uses CVSS Across Modules

  • External Discovery: ThreatNG's external discovery identifies assets. CVSS becomes relevant when the assessment modules evaluate these assets for vulnerabilities.

    • Example: ThreatNG discovers a web server. Assessment modules then check it for known vulnerabilities and use their CVSS scores to gauge the risk each one poses.

  • External Assessment: ThreatNG's assessment modules use CVSS to quantify the severity of vulnerabilities.

    • Example: If ThreatNG's "Cyber Risk Exposure" assessment identifies a vulnerable component, it will report the vulnerability's CVSS score to indicate its severity.

  • Reporting: ThreatNG's reports use CVSS scores and severity ratings to help security teams prioritize vulnerabilities.

    • Example: Prioritized reports typically sort vulnerabilities by CVSS score so that the most severe issues, those needing immediate attention, appear first.

  • Continuous Monitoring: ThreatNG's continuous monitoring can track changes in CVSS scores or the emergence of new high-severity vulnerabilities.

    • Example: NVD does revise published scores, for example after a CVE is reanalyzed; if a vulnerability's CVSS score is raised, ThreatNG can alert security teams.

  • Investigation Modules: ThreatNG's investigation modules use CVSS data to provide context during threat hunting and incident response.

    • Example: If a security analyst is investigating a potential intrusion, CVSS scores can help them assess the severity of any exploited vulnerabilities.

3. Synergies with Complementary Solutions

  • Vulnerability Management Solutions: ThreatNG's external vulnerability data, including CVSS scores, can be combined with internal vulnerability scan data for a comprehensive view of an organization's vulnerability posture.

  • SIEM Systems: SIEMs can use CVSS scores from ThreatNG to prioritize security events. For example, events related to a vulnerability with a high CVSS score might trigger a more urgent response.

  • Threat Intelligence Platforms (TIPs): TIPs can use CVSS data from ThreatNG to enrich their threat feeds and provide more accurate risk assessments.
