Re: Question for MITRE about "Attack Type" in CVE request form
On Mon, 7 Nov 2016, Kurt Seifried wrote:
: You have the values:
: which doesn't really map to anything like CVSSv2/3 directly, I'm just
: wondering where this is from?
VulnDB uses the same classifications, and for CVSSv2, Local and Remote
map. Context-dependent is handled as AV:N / AC:M to denote it requires
some interaction by the user. Generally, physical is handled with AV:L /