CWSS Vector and Score Generator

CWSS Vector and Score

Vector:

Score:

Qualitative Rating:

Base Finding Metrics

Technical Impact (TI)

Critical High Medium Low None

Acquired Privilege (AP)

Administrator Partially-Privileged User Regular User Limited/Guest None

Acquired Privilege Layer (AL)

Application System Network

Internal Control Effectiveness (IC)

None Limited Moderate Indirect Best-Available Complete

Finding Confidence (FC)

Proven True Proven Locally True Proven False

Attack Surface Metrics

Required Privilege (RP)

None Limited/Guest Regular User Partially-Privileged User Administrator

Required Privilege Layer (RL)

Application System Network

Access Vector (AV)

Internet Intranet Private Network Adjacent Network Local Physical

Authentication Strength (AS)

Strong Moderate Weak None

Level of Interaction (IN)

Automated Typical/Limited Moderate Opportunistic High

Deployment Scope (SC)

All Moderate Rare Potentially Reachable

Environmental Metrics

Business Impact (BI)

Critical High Medium Low None

Likelihood of Discovery (DI)

High Medium Low

Likelihood of Exploit (EX)

High Medium Low

External Control Effectiveness (EC)

None Limited Moderate Indirect Best-Available Complete

Prevalence (P)

Widespread High Common Limited