Cvss Calculator

The CVSS Calculator allows users to assess and calculate the severity of security vulnerabilities by inputting various parameters to obtain an Exploitability Score, Impact Score, CVSS Base Score, and a Severity Rating.

Use Our Cvss Calculator

How to Use the CVSS Calculator

This guide will walk you through using the CVSS Calculator to assess the potential risk associated with software vulnerabilities. Follow these steps to understand how to input values and interpret the results.

Step 1: Input Basic Metrics

Begin by entering the required information in the input fields to calculate the CVSS score accurately. These fields are related to the exploitability and impact metrics of a vulnerability.

  1. Attack Vector (AV): Choose from:
    • Network (N): Remote attacks over a network (value: 0.85)
    • Adjacent Network (A): Attacks across a local network (value: 0.62)
    • Local (L): Attacks requiring local access to the system (value: 0.55)
    • Physical (P): Attacks requiring direct physical access (value: 0.2)
  2. Attack Complexity (AC): Choose either:
    • Low (L): Simple attacks needing minimal skill (value: 0.77)
    • High (H): Complex attacks needing specialized skills (value: 0.44)
  3. Privileges Required (PR): Select from:
    • None (N): No privileges required (value: 0.85)
    • Low (L): Low level of privileges needed (value: 0.62)
    • High (H): High level of privileges needed (value: 0.27)
  4. User Interaction (UI): Choose either:
    • None (N): No user interaction is required (value: 0.85)
    • Required (R): User interaction is necessary (value: 0.62)
  5. Scope (S): Choose from:
    • Unchanged (U): Same context as the exploited component (value: 1)
    • Changed (C): Different context post-exploitation (value: 1.5)
  6. Confidentiality Impact (C): Choose from:
    • None (N): No impact (value: 0.0)
    • Low (L): Limited impact (value: 0.22)
    • High (H): Serious impact (value: 0.56)
  7. Integrity Impact (I): Choose from:
    • None (N): No impact (value: 0.0)
    • Low (L): Limited impact (value: 0.22)
    • High (H): Serious impact (value: 0.56)
  8. Availability Impact (A): Choose from:
    • None (N): No impact (value: 0.0)
    • Low (L): Limited impact (value: 0.22)
    • High (H): Serious impact (value: 0.56)

Step 2: Calculate the Scores

Once the input values are entered, the calculator will compute several key metrics that quantify the risk associated with the vulnerability:

  1. Exploitability Score: This is calculated using the formula: 8.22 * attackVector * attackComplexity * privilegesRequired * userInteraction. This score reflects how easily the vulnerability can be exploited.
  2. Impact Score: This is calculated with the formula: 1 - ((1 - confidentiality) * (1 - integrity) * (1 - availability)), which indicates the potential impact of a successful exploit.
  3. Base Score: The base score is determined using: if(impactScore <= 0, 0, min(10, scope * (exploitabilityScore + (impactScore * 6.42)))). It combines both exploitability and impact scores to provide an overall severity rating.

Step 3: Interpret the Severity Rating

The calculator provides a severity rating that categorizes the overall risk as follows:

  1. None: Base Score is less than 0.1.
  2. Low: Base Score is between 0.1 and 3.9.
  3. Medium: Base Score is between 4.0 and 6.9.
  4. High: Base Score is between 7.0 and 8.9.
  5. Critical: Base Score is 9.0 or above.

The severity rating provides a qualitative value to help prioritize the remediation efforts.

Following these steps allows you to effectively use the CVSS Calculator to determine the risk level posed by a security vulnerability and prioritize resources accordingly.