nerdexam
Cisco

210-255 · Question #2

Which CVSSv3 Attack Vector metric value requires the attacker to physically touch or manipulate the vulnerable component?

The correct answer is B. physical. The CVSSv3 Physical attack vector is the only metric value requiring an attacker to physically touch or manipulate the vulnerable component to exploit it.

Attack Methods

Question

Which CVSSv3 Attack Vector metric value requires the attacker to physically touch or manipulate the vulnerable component?

Options

  • Alocal
  • Bphysical
  • Cnetwork
  • Dadjacent

How the community answered

(30 responses)
  • B
    90% (27)
  • C
    7% (2)
  • D
    3% (1)

Why each option

The CVSSv3 Physical attack vector is the only metric value requiring an attacker to physically touch or manipulate the vulnerable component to exploit it.

Alocal

The Local attack vector requires the attacker to have a local account or command-line access but does not require physically touching or manipulating the hardware component itself.

BphysicalCorrect

CVSSv3 defines the Physical (P) attack vector as requiring the attacker to physically touch or manipulate the vulnerable component - examples include cold boot attacks, hardware implants, or exploiting a device only accessible via direct connection. This is the most restrictive attack vector in the CVSSv3 specification because exploitation cannot be performed remotely or across a network.

Cnetwork

The Network attack vector means the component is exploitable from any remote network location with no physical proximity or local access required.

Dadjacent

The Adjacent attack vector requires the attacker to share the same network segment or broadcast domain as the target but does not require physical contact with the device.

Concept tested: CVSSv3 Physical Attack Vector metric definition

Source: https://www.first.org/cvss/v3.0/specification-document

Topics

#CVSSv3#attack vector#vulnerability scoring#physical access

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice