LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Start free trial Sign in

From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1

Unlock the full course today

Join today to access over 24,700 courses taught by industry experts.

Modified base metrics in CVSS

Modified base metrics in CVSS

From the course: Vulnerability Management: Assessing the Risks with CVSS v3.1

Start my 1-month free trial Buy for my team

Modified base metrics in CVSS

“

- [Instructor] What happens when a vulnerability already has a CVSS base score, but the base metrics don't really apply in your environment or to a specific system in your environment? It's kind of like a square peg in a round hole. Do you just roll with it or is there a better way? I always say that if you think there's got to be a better way, there probably is. You just haven't found it yet. Well in this situation, it's modified based metrics. Modified base metrics are the factors like access vector, access complexity, and so on from the base metrics group, but they're specific to your situation. And that means you can tweak those metrics to reflect your unique situation and override the base metrics. Imagine that you have a vulnerability where the privileges required under normal circumstances is high, the lower risk value. This particular vulnerability requires that the attacker have access to an account with elevated…

Contents