210-255 · Question #177
Which CVSS Attach Vector metric value means that the vulnerable component is not bound to the network stack and the path of the attacker is via read/write/execute capabilities?
The correct answer is C. local. The CVSS Attack Vector metric 'Local' describes vulnerabilities that require the attacker to have direct local access rather than exploiting a network-exposed component.
Question
Which CVSS Attach Vector metric value means that the vulnerable component is not bound to the network stack and the path of the attacker is via read/write/execute capabilities?
Options
- Anetwork
- Bphysical
- Clocal
- Dadjacent
How the community answered
(27 responses)- A4% (1)
- B4% (1)
- C93% (25)
Why each option
The CVSS Attack Vector metric 'Local' describes vulnerabilities that require the attacker to have direct local access rather than exploiting a network-exposed component.
The Network attack vector means the vulnerable component IS bound to the network stack and can be exploited remotely without requiring local system access.
The Physical attack vector requires the attacker to have hands-on physical contact with the hardware, which is a more restrictive condition than simply having local OS-level access.
The Local attack vector in CVSS v3.1 specifies that the vulnerable component is not bound to the network stack. Exploitation requires the attacker to have local read, write, or execute capabilities on the target system. This distinguishes it from Network and Adjacent vectors, which both require some form of network stack binding.
The Adjacent attack vector still requires the attacker to be on the same shared physical or logical network segment as the target, meaning network stack binding is still involved.
Concept tested: CVSS v3.1 Attack Vector metric - Local value
Source: https://www.first.org/cvss/v3.1/specification-document
Topics
Community Discussion
No community discussion yet for this question.