Question for MITRE about "Attack Type" in CVE request form

kseifried@redhat.com
You have the values:

Context-dependent

Definition

Local

Physical

Remote

which doesn't really map to anything like CVSSv2/3 directly, I'm just wondering where this is from?


--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: [hidden email]

Re: Question for MITRE about "Attack Type" in CVE request form

jericho
On Mon, 7 Nov 2016, Kurt Seifried wrote:

: You have the values:
:
: Context-dependent
:
: Local
:
: Physical
:
: Remote
:
: which doesn't really map to anything like CVSSv2/3 directly, I'm just
: wondering where this is from?

VulnDB uses the same classifications, and for CVSSv2, Local and Remote
map. Context-dependent is handled as AV:N / AC:M to denote it requires
some interaction by the user. Generally, physical is handled with AV:L /
AC:H.