Explore vulnerability details

The attack vector describes the context or path through which a vulnerability can be exploited. It provides insights into how an attacker can gain access to a system or network. The possible values for the attack vector include:

• Network: Vulnerabilities with this rating are remotely exploitable, either from one or more hops away or over the internet.

• Adjacent: A vulnerability with this rating requires network adjacency for exploitation, meaning the attack must originate from the same physical or logical network.

• Local: Vulnerabilities with this rating are not exploitable over a network. The attacker must have local access to the system or employ remote access protocols like SSH or RDP. Social engineering techniques may also be used to trick unsuspecting users into initiating the exploit.

• Physical: In this type of attack, the adversary must physically interact with the target system to exploit the vulnerability.

The attack complexity describes the level of difficulty involved in successfully exploiting a vulnerability. It assesses the ease or complexity of launching an attack using the vulnerability and can be categorized as either Low or High.

Privilege describes the level of privilege or access an attacker requires to successfully use a vulnerability. The level of privilege can be categorized as:

• None: There are no privileges required to abuse a vulnerability.

• Low: A limited amount of privileges are required to abuse a vulnerability.

• High: A high amount of privileges are required to abuse a vulnerability.

Measures the integrity impact on the system directly containing the vulnerability.

• None: There is no loss of integrity of any information on the vulnerable system.

• Low: A limited amount of information on the vulnerable system might be tampered with or modified, but there is no serious impact on the system itself.

• High: The attacker can modify any or all information on the vulnerable system, resulting in a complete loss of integrity.

Measures the integrity impact on systems or components beyond the one directly containing the vulnerability.

• None: There is no loss of integrity on any subsequent system or component.

• Low: A limited amount of information on a subsequent system might be tampered with or modified, but without serious consequences beyond that system.

• High: The attacker can modify any or all information on one or more subsequent systems, resulting in a complete loss of integrity beyond the originally vulnerable component.

Integrity refers to the impact on the integrity of information resulting from the successful use of a vulnerability. It evaluates the potential tampering or modification of data and can be categorized as follows:

• None: There is no loss of integrity of any information.

• Low: A limited amount of information might be tampered with or modified, but there is no serious impact on the protected system.

• High: The attacker can modify any/all information on the target system, resulting in a complete loss of integrity.

User interaction refers to whether a user, other than the attacker, needs to perform an action for the successful exploitation of a vulnerability. User interaction can be categorized as follows:

• Passive: No user interaction is required for the vulnerability to be exploited.

• Active: A user must complete specific steps or actions for the exploit to succeed. For example, the user might be prompted to install certain software or perform an action that aids the attacker.

Measures the confidentiality impact on the system directly containing the vulnerability.

• None: There is no loss of confidentiality on the vulnerable system.

• Low: The vulnerability might result in limited or intermittent exposure of information on the vulnerable system.

• High: Successful exploitation leads to a complete loss of confidentiality on the vulnerable system, potentially exposing all information it holds.

Measures the confidentiality impact on systems or components beyond the one directly containing the vulnerability.

• None: There is no loss of confidentiality on any subsequent system or component.

• Low: The vulnerability might result in limited or intermittent exposure of information on one or more subsequent systems.

• High: Successful exploitation leads to a complete loss of confidentiality on one or more subsequent systems, beyond the originally vulnerable component.

Confidentiality measures the impact on the confidentiality of information resulting from the successful use of a vulnerability. It evaluates the potential exposure of sensitive data and can be classified into the following categories:

• None: There is no loss of confidentiality.

• Low: The vulnerability might result in limited or intermittent impact on the confidentiality of information.

• High: The successful exploitation of the vulnerability leads to a complete loss of confidentiality of the impacted system or information.

Measures the availability impact on the system directly containing the vulnerability.

• None: There is no loss of availability on the vulnerable system.

• Low: Availability of the vulnerable system might be intermittently limited, or its performance negatively impacted, as a result of a successful attack.

• High: There is a complete loss of availability of the vulnerable system.

Measures the availability impact on systems or components beyond the one directly containing the vulnerability.

• None: There is no loss of availability on any subsequent system or component.

• Low: Availability of one or more subsequent systems might be intermittently limited, or their performance negatively impacted, as a result of a successful attack.

• High: There is a complete loss of availability of one or more subsequent systems, beyond the originally vulnerable component.

Availability impact measures the impact on system availability resulting from the successful use of a vulnerability. It assesses the potential disruption or loss of service and can be classified into the following categories:

• None: There is no loss of availability.

• Low: Availability might be intermittently limited, or the performance might be negatively impacted as a result of a successful attack.

• High: There is a complete loss of availability of the impacted system or information.

Reflects how important the protection of sensitive information is within your specific environment. Use this to adjust the vulnerability's score to better reflect the real-world impact a confidentiality breach would have in your organization.

• Low: A loss of confidentiality would have limited impact on operations, assets, or individuals.

• Medium: A loss of confidentiality would have a moderate impact on operations, assets, or individuals.

• High: A loss of confidentiality would have a severe or catastrophic impact on operations, assets, or individuals.

Reflects how important the accuracy and trustworthiness of data is within your specific environment. Use this to adjust the vulnerability's score to better reflect the real-world impact unauthorized data modification would have in your organization.

• Low: A loss of integrity would have limited impact on operations, assets, or individuals.

• Medium: A loss of integrity would have a moderate impact on operations, assets, or individuals.

• High: A loss of integrity would have a severe or catastrophic impact on operations, assets, or individuals.

Reflects how important continuous access to systems and services is within your specific environment. Use this to adjust the vulnerability's score to better reflect the real-world impact of a service disruption in your organization.

• Low: A loss of availability would have limited impact on operations, assets, or individuals.

• Medium: A loss of availability would have a moderate impact on operations, assets, or individuals.

• High: A loss of availability would have a severe or catastrophic impact on operations, assets, or individuals.

Indicates whether an attacker can reliably automate all steps of the attack chain for this vulnerability, from initial reconnaissance through to impact. This is based on the SSVC (Stakeholder-Specific Vulnerability Categorization) model.

• No: The attack chain cannot be fully automated, requiring manual effort at one or more stages.

• Yes: The full attack chain can be reliably automated at scale, increasing the likelihood of widespread exploitation.

Describes how well an affected system can restore normal operation after a successful attack, without the need for replacement of hardware or software.

• Automatic: The system recovers on its own without any user or administrator intervention.

• User: Recovery is possible but requires manual action by a user or administrator.

• Irrecoverable: The system cannot be restored to its pre-attack state. Replacement or rebuilding is required.

Describes whether successful exploitation of this vulnerability could impact physical or functional safety, as defined by the IEC 61508 functional safety standard. This metric is particularly relevant for operational technology (OT) and industrial control systems (ICS) environments.

• Negligible: No potential for physical harm or safety system impact.

• Present: Exploitation could result in injury, loss of life, or failure of safety-critical systems or functions.

Describes the concentration of resources within the systems affected by this vulnerability. It indicates how much an attacker stands to gain from a single successful compromise.

• Diffuse: The affected systems hold a limited or distributed set of resources. A successful attack yields relatively low value per compromised system.

• Concentrated: The affected systems hold a high concentration of valuable resources. A successful attack could yield significant access, data, or control.

Describes how much work is required for the consumer (typically an organization's security or IT team) to respond to this vulnerability, once it has been identified.

• Low: The response is straightforward and can be completed quickly, for example by applying a vendor patch with minimal testing or change management required.

• Moderate: The response requires some planning or effort, for example due to testing requirements, system dependencies, or partial remediation options.

• High: The response is complex or resource-intensive, for example due to the absence of a patch, the need for architectural changes, or significant operational disruption.

Reflects the priority assigned to this vulnerability by the vendor or provider responsible for the affected product. It supplements the CVSS score with the provider's own assessment of how urgently the vulnerability should be addressed, and may account for context not captured in the base metrics.

Values are defined by the individual vendor or provider and may include labels such as Clear, Green, Amber, or Red, in line with the TLP (Traffic Light Protocol) color convention.

The Exploit Prediction Scoring System (EPSS) predicts the likelihood of a vulnerability being exploited in the wild within the next 30 days. It assigns a score between 0 and 1 (or 0 to 100%), with higher scores indicating a greater probability of exploitation.

The EPSS score consists of:

• EPSS score: Indicates how likely a vulnerability is to be exploited.

• EPSS percentile: Displays the percentile rank of the vulnerability compared to all others in the EPSS dataset.

• Last modified: Records the last time the EPSS data for this particular vulnerability was updated.

Many organizations rely on EPSS to prioritize their vulnerability management efforts. A high-scoring vulnerability may warrant immediate action, while lower scores may allow for deferring or handling vulnerabilities through other means.

Indicates the likelihood that a vulnerability can be exploited. This value is calculated by Lansweeper, based on available data and known exploit information.

Shows whether a vulnerability (CVE) is known to be actively exploited by attackers in real‑world environments.

Categorizes exploits based on their potential impact, distinguishing between higher and lower-risk exploits.

Possible classifications include: Initial access, Remote with credentials exploits, Local, Client-side, Infoleak, and Denial of Service.

Describes the development stage of existing exploit techniques and the availability of exploit code.

Possible maturity levels include:

• Weaponized: Refers to explicitly malicious exploits (e.g. integrated into malware) that have been reported as exploited in the wild. These exploits are often used in real-world attacks, work reliably across many targets (e.g. exploits in MetaSploit, VulnCheck IAI, CANVAS, or Core Impact), and may include secondary payloads like droppers or implants.

• Proof of Concept (POC): Demonstrates the potential for exploitation, but is not yet weaponized. POCs may come in various forms, such as blog posts, Python scripts, or curl commands.

Documents instances where ransomware groups exploited the vulnerability in their attacks.

Documents instances where malicious threat actors actively exploited the vulnerability.

Documents instances botnets have used the vulnerability to compromise systems.

Indicates whether a publicly available exploit code or method for the vulnerability has been identified.

Indicates whether exploit code or methods for the vulnerability are available through commercial vendors.

Indicates whether CISA has detected an exploit using this vulnerability.

Recommended actions users should take to mitigate the exploit.

The deadline for applying a patch or mitigation.

Information on whether the vulnerability has been used in ransomware campaigns.

A score indicating how difficult it is for an attacker to exploit the vulnerability, rated as low, medium, high, or critical.

Provides details on the potential impact of the vulnerability on systems.

Indicates the likelihood of an exploit using this vulnerability, categorized as exploitation detected, more likely, less likely, or unlikely, based on Microsoft's observations.