question

LBalcerak avatar image
LBalcerak asked rwcmjack answered

In Avalanche Vulnerability Assessment who rates the Severity Level

In Avalanche Vulnerability Assessment within the Attack Description there is a Severity Level of Critical, High, Moderate or Low. Who determines or where does this Severity level originate? Is it a Spirent decision on the Threat Severity or is it based on outside Agency input?

Avalancheavalanche attack designer
10 |950

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
rwcmjack avatar image
rwcmjack answered

Hi Lenny

The severity level is based on the criteria of the threats impact and is based on a number of vectors associated with each threat - this is following outside agency criteria

Example - if a threat has all of these associated components as true it is flagged as critical

Server Compromise Non-Privileged Code ExecutionVery Broadly Deployed The Vulnerable Software is in Wide ENTERPRISE Deployment The Vulnerable Software is from a Major Enterprise VendorInfrastructure Assets Affected

10 |950

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.