Vulnerability Scoring Systems in Ethical Hacking

To create new vulnerabilities

To identify vulnerabilities

To assess and prioritize vulnerabilities for remediation

To increase network speed

They guarantee 100% security.

They provide a standardized way to assess and prioritize vulnerabilities.

They eliminate the need for patching.

They make security assessments more complex.

CVSS (Common Vulnerability Scoring System)

NVSS (Network Vulnerability Scoring System)

TVSS (Total Vulnerability Scoring System)

EVSS (Enterprise Vulnerability Scoring System)

CVSSv2 is newer than CVSSv3.

CVSSv2 uses a different scoring scale than CVSSv3.

CVSSv3 includes a temporal score while CVSSv2 does not.

CVSSv2 is more complex than CVSSv3.

Use the system to exaggerate the severity of vulnerabilities.

Always choose the highest possible score for a vulnerability.

Use scoring systems accurately and ethically to avoid false alarms or downplaying real risks.

Ignore scoring systems in favor of manual assessments.