Common Vulnerability Scoring System CVSS 3.0 Equations: Chinese Translation
CVSS 3.0 Equations
1. The base score is computed as a function of two sub-scores, Impact and Exploitability. The base score is calculated as follows:

BaseScore (base score)
When 0 < Impact + Exploitability < 10:
Scope Unchanged: BaseScore = Roundup(Impact + Exploitability)
Scope Changed: BaseScore = Roundup[1.08 × (Impact + Exploitability)]
When Impact + Exploitability > 10:

2. The Impact sub-score (ISC) is calculated as follows:
Scope Unchanged: Impact = 6.42 × ISCbase
where: ISCbase = 1 - [(1 - ConfImpact) × (1 - IntegImpact) × (1 - AvailImpact)]

Exploitability = 8.22 × AttackVector × AttackComplexity × PrivilegeRequired × UserInteraction

II. Temporal score
1. The temporal score is calculated as follows:

Temporal (temporal score)
Temporal = Roundup(BaseScore × ExploitCodeMaturity × RemediationLevel × ReportConfidence)

1. The environmental score is calculated as follows (every value prefixed with M. is a modified value; if a metric has not been modified, it takes the value of the corresponding base metric):

When M.Impact <= 0: EnvironmentalScore = 0
When M.Impact > 0 and Modified Scope is Unchanged: EnvironmentalScore = Roundup(Roundup(Minimum[(M.Impact + M.Exploitability), 10]) × ExploitCodeMaturity × RemediationLevel × ReportConfidence)
When M.Impact > 0 and Modified Scope is Changed: EnvironmentalScore = Roundup(Roundup(Minimum[1.08 × (M.Impact + M.Exploitability), 10]) × ExploitCodeMaturity × RemediationLevel × ReportConfidence)

M.Impact (modified Impact sub-score)
Modified Scope Unchanged: M.Impact = 6.42 × ISCModified
where: ISCModified = 1 - [(1 - M.IConf × CR) × (1 - M.IInteg × IR) × (1 - M.IAvail × AR)]
When ISCModified > 0.915, ISCModified = 0.915
Original source: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

CVSS v3 Equations
The CVSS v3.0 equations are defined below.

Base
The Base Score is a function of the Impact and Exploitability sub score equations. Where the Base score is defined as,
If (Impact sub score <= 0) 0 else,
and the Impact sub score (ISC) is defined as,
Scope Unchanged 6.42 × ISCBase
Where,
ISCBase = 1 − [(1 − ConfImpact) × (1 − IntegImpact) × (1 − AvailImpact)]
8.22 × AttackVector × AttackComplexity × PrivilegeRequired × UserInteraction

The Temporal score is defined as,
Roundup(BaseScore × ExploitCodeMaturity × RemediationLevel × ReportConfidence)

The environmental score is defined as,
If (Modified Impact Sub score <= 0) 0 else,
If Modified Scope is Unchanged Round up(Round up (Minimum [ (M.Impact + M.Exploitability),10]) × Exploit Code Maturity × Remediation Level
And the modified Impact sub score is defined as,
If Modified Scope is Unchanged 6.42 × [ISCModified]
Where,
8.22 × M.AttackVector × M.AttackComplexity × M.PrivilegeRequired × M.UserInteraction

(Editor: 李大同)