forked from FredrikHedman/CVSS
-
Notifications
You must be signed in to change notification settings - Fork 0
/
cvss_test01.txt
125 lines (112 loc) · 4.71 KB
/
cvss_test01.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
================================
Basic Metric for CVE-2002-0392
================================
Examples from the cvss specification. Using the Basic Metric trying to
reproduce the examples in the specification.
The base vector for this vulnerability is: AV:N/AC:L/Au:N/C:N/I:N/A:C.
----------------------------------------------------
BASE METRIC EVALUATION SCORE
----------------------------------------------------
Access Vector [Network] (1.00)
Access Complexity [Low] (0.71)
Authentication [None] (0.704)
Confidentiality Impact [None] (0.00)
Integrity Impact [None] (0.00)
Availability Impact [Complete] (0.66)
----------------------------------------------------
BASE FORMULA BASE SCORE
----------------------------------------------------
Impact = 10.41*(1-(1)*(1)*(0.34)) == 6.9
Exploitability = 20*0.71*0.704*1 == 10.0
f(Impact) = 1.176
BaseScore = (0.6*6.9 + 0.4*10.0 1.5)*1.176
== (7.8)
----------------------------------------------------
>>> from cvss import cvs_factory
>>> from cvss import CommonVulnerabilityScore
>>>
>>> selected = ['N', 'L', 'N', 'N', 'N', 'C']
>>> cvs = cvs_factory(CommonVulnerabilityScore, selected)
>>> print(round(cvs.impact, 1))
6.9
>>> print(round(cvs.exploitability, 1))
10.0
>>> print(cvs.base_score)
7.8
>>> print(cvs.base_vulnerability_vector)
AV:N/AC:L/Au:N/C:N/I:N/A:C
This completes the tests for base metrics.
===================================
Temporal Metric for CVE-2002-0392
===================================
Add som more metrics and reproduce the following score.
----------------------------------------------------
TEMPORAL METRIC EVALUATION SCORE
----------------------------------------------------
Exploitability [Functional] (0.95)
Remediation Level [Official-Fix] (0.87)
Report Confidence [Confirmed] (1.00)
----------------------------------------------------
TEMPORAL FORMULA TEMPORAL SCORE
----------------------------------------------------
round(7.8 * 0.95 * 0.87 * 1.00) == (6.4)
----------------------------------------------------
>>> selected = ['N', 'L', 'N', 'N', 'N', 'C', 'F', 'OF', 'C']
>>> cvs = cvs_factory(CommonVulnerabilityScore, selected)
>>> print(round(cvs.impact, 1))
6.9
>>> print(round(cvs.exploitability, 1))
10.0
>>> print(cvs.base_score)
7.8
>>> print(cvs.base_vulnerability_vector)
AV:N/AC:L/Au:N/C:N/I:N/A:C
>>> print(cvs.temporal_score)
6.4
========================================
Environmental Metric for CVE-2002-0392
========================================
----------------------------------------------------
ENVIRONMENTAL METRIC EVALUATION SCORE
----------------------------------------------------
Collateral Damage Potential [None - High] {0 - 0.5}
Target Distribution [None - High] {0 - 1.0}
Confidentiality Req. [Medium] (1.0)
Integrity Req. [Medium] (1.0)
Availability Req. [High] (1.51)
----------------------------------------------------
ENVIRONMENTAL FORMULA ENVIRONMENTAL SCORE
----------------------------------------------------
AdjustedImpact = min(10,10.41*(1-(1-0*1)*(1-0*1)
*(1-0.66*1.51)) == (10.0)
AdjustedBase =((0.6*10)+(0.4*10.0)1.5)*1.176
== (10.0)
AdjustedTemporal == (10*0.95*0.87*1.0) == (8.3)
EnvScore = round((8.3+(10-8.3)*{0-0.5})*{0-1})
== (0.00 - 9.2)
----------------------------------------------------
>>> selected = ['N', 'L', 'N', 'N', 'N', 'C', 'F', 'OF', 'C', 'H', 'H', 'M', 'M', 'H']
>>> cvs = cvs_factory(CommonVulnerabilityScore, selected)
>>> print(round(cvs.impact, 1))
6.9
>>> print(round(cvs.exploitability, 1))
10.0
>>> print(cvs.base_score)
7.8
>>> print(cvs.base_vulnerability_vector)
AV:N/AC:L/Au:N/C:N/I:N/A:C
>>> print(cvs.temporal_vulnerability_vector)
E:F/RL:OF/RC:C
>>> print(cvs.environmental_vulnerability_vector)
CDP:H/TD:H/CR:M/IR:M/AR:H
>>> print(cvs.temporal_score)
6.4
>>>
>>> print(cvs.adjusted_impact)
10.0
>>> print(cvs.adjusted_base_score)
10.0
>>> print(cvs.adjusted_temporal_score)
8.3
>>> print(cvs.environmental_score)
9.2