Skip to content

Commit cff8fb4

Browse files
committed
Minor improvements
1 parent d7709a0 commit cff8fb4

1 file changed

Lines changed: 3 additions & 1 deletion

File tree

trainingportal/static/lessons/cvss/cvss_1_intro.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -150,6 +150,8 @@ CVSS Base metrics go into 2 broad categories:
150150
- [regreSSHion CVE-2024-6387](https://www.first.org/cvss/v4-0/examples#regreSSHion-CVE-2024-6387)
151151
- Attackers must defeat memory safety defenses in order to achieve code execution
152152

153+
**NOTE**: It is important to note that Attack Complexity is **not** related to exploit complexity. A proof-of-concept for exploiting a vulnerability may be a sophisticated piece of code itself, but that does not necessarily have effect on the Attack Complexity metric. You should ask not "How hard would it be for someone to design the exploit code?", but instead ask "How hard would it be for someone having access to the exploit code to overcome the security conditions in order for this attack to work?"
154+
153155
#### [Attack Requirements (AT)](https://www.first.org/cvss/v4-0/specification-document#Attack-Requirements-AT)
154156

155157
- **Question**: Are there any non-security-specific conditions that need to be overcome?
@@ -226,7 +228,7 @@ Impact is only measured in terms of what is gained by exploiting a vulnerability
226228

227229
CVSS v4 introduces separate impact scores for the Vulnerable (`V`) system and Subsequent (`S`) systems (previously in CVSS v3 this used to be marked by a Scope (`S`) metric).
228230

229-
The CVSS documentation includes a [User Guide](https://www.first.org/cvss/v4-0/user-guide#Vulnerable-System-and-Subsequent-System) with some examples on scope scoring.
231+
The CVSS documentation includes a [CVSS User Guide](https://www.first.org/cvss/v4-0/user-guide#Vulnerable-System-and-Subsequent-System) with some examples on scope scoring.
230232

231233
Examples of change of scope (vulnerable to subsequent) for impact:
232234

0 commit comments

Comments
 (0)