Critical (9.0 – 10.0)
Vulnerabilities that score in the critical range usually have most of the following characteristics:
- Exploitation of the vulnerability likely results in root-level compromise of servers or infrastructure devices.
- Exploitation is usually straightforward, in the sense that the attacker does not need any special authentication credentials or knowledge about individual victims, and does not need to persuade a target user, for example via social engineering, into performing any special functions.
- This rating is given to flaws that could be easily exploited by a remote unauthenticated attacker and lead to system compromise (arbitrary code execution) without requiring user interaction. These are the types of vulnerabilities that can be exploited by worms. Flaws that require an authenticated remote user, a local user, or an unlikely configuration are not classed as Critical impact.
- Intruders can easily gain control of the host, which can lead to the compromise of your entire network security and may include full read and write access to files, remote execution of commands, and the presence of backdoors.
Impacts of Critical Severity Vulnerabilities
These vulnerabilities can allow attackers to take complete control of your resources. In exploiting this type of vulnerability, attackers could carry out a range of malicious acts including (but not limited to):
- Stealing information (for example, user data)
- Tricking your users into supplying them with sensitive information (for example, credit card details)
- Defacing your website
By exploiting a critical severity vulnerability, attackers can access your website’s entire server. This allows them to acquire user and administrator information that might allow them to make changes such as delete or modify other user accounts.
On exploiting such vulnerabilities, attackers can access and control logged-in user or administrator accounts, enabling them to hijack accounts and make changes that typically only those users can.
Suggested Action for Critical Severity Vulnerabilities
A Critical severity vulnerability means that resources can be exploited at any time. It is advised to make it the highest priority to fix these vulnerabilities immediately via patching, upgrading or other mitigation measures. Once a fix action has been implemented, rescan the affected resource to ensure the vulnerability or weakness has been mitigated.
High (7.0 – 8.9)
Vulnerabilities that score in the high range usually have some of the following characteristics:
- The vulnerability is difficult to exploit.
- Exploitation could result in elevated privileges.
- Exploitation could result in a significant data loss or downtime
- This rating is given to flaws that can easily compromise the confidentiality, integrity, or availability of resources. These are the types of vulnerabilities that allow local users to gain privileges, allow unauthenticated remote users to view resources that should otherwise be protected by authentication, allow authenticated remote users to execute arbitrary code, or allow remote users to cause a denial of service.
- Intruders can possibly gain control of the host, or there may be potential leakage of highly sensitive information. For example, vulnerabilities at this level may include full read access to files, potential backdoors, or a listing of all the users on the host.
Impacts of High Severity Vulnerabilities
On exploiting such vulnerabilities, attackers can view information about your system that helps them find or exploit other vulnerabilities that enable them to take control of your website and access sensitive user and administrator information.
Suggested Action for High Severity Vulnerabilities
A High severity vulnerability means that resources can be exploited and attackers can find other vulnerabilities which have a bigger impact. Fix these types of vulnerabilities immediately. Once a fix action has been implemented, rescan the affected resource to ensure the vulnerability or weakness has been mitigated.
Medium (4.0 – 6.9)
Vulnerabilities that score in the medium range usually have some of the following characteristics:
- Vulnerabilities that require the attacker to manipulate individual victims via social engineering tactics.
- Denial of service vulnerabilities that are difficult to set up.
- Exploits that require an attacker to reside on the same local network as the victim.
- Vulnerabilities where exploitation provides only very limited access.
- Vulnerabilities that require user privileges for successful exploitation.
- This rating is given to flaws that may be more difficult to exploit but could still lead to some compromise of the confidentiality, integrity, or availability of resources, under certain circumstances. These are the types of vulnerabilities that could have had a Critical impact or High impact but are less easily exploited based on a technical evaluation of the flaw, or affect unlikely configurations.
- Intruders may be able to gain access to specific information stored on the host, including security settings. This could result in potential misuse of the host by intruders. For example, vulnerabilities at this level may include partial disclosure of file contents, access to certain files on the host, directory browsing, disclosure of filtering rules and security mechanisms, denial of service attacks, and unauthorized use of services, such as mail-relaying.
Impacts of Medium Severity Vulnerabilities
By exploiting Medium Severity Vulnerabilities, attackers will gain information and reconnaissance useful for their attack. Medium Severity vulnerabilities are often used to better understand your system, allowing them to refine and escalate the attacks. Such vulnerabilities can sometimes be connected, to increase the potential damage of the attack.
Suggested Action for Medium Severity Vulnerabilities
Most of the time, since the impact of Medium severity vulnerabilities is not direct, you should first focus on fixing High severity vulnerabilities. However, Medium severity vulnerabilities should still be addressed at the earliest possible opportunity.
Low (0.1 – 3.9)
- Vulnerabilities in the low range typically have very little impact on an organization’s business. Exploitation of such vulnerabilities usually requires local or physical system access.
- Intruders may be able to collect sensitive information from the host, such as the precise version of software installed. With this information, intruders can easily exploit known vulnerabilities specific to software versions.
- This rating is given to all other issues that have a security impact. These are the types of vulnerabilities that are believed to require unlikely circumstances to be able to be exploited, or where a successful exploit would give minimal consequences.
Impacts of Low Severity Vulnerabilities
Do not overly concern efforts towards resources with low severity vulnerabilities. These types of issues do not have any significant impact and are likely not exploitable.
Suggested Action For Low Severity Vulnerabilities
If time and budget allows, it is worth investigating and fixing Low severity vulnerabilities .
- Intruders can collect information about the host (open ports, services, etc.) and may be able to use this information to find other vulnerabilities.
- If this vulnerability exists on your system, intruders can collect information about the host (open ports, services, etc.) and may be able to use this information to find other vulnerabilities.
- Information may include NTLM Authorization Required, Email Address found, Robots.txt discovered, Web server version exposed, WAF detected, web server listening on port 80, telnet running, etc..
Impacts of Informational Alerts
Reported simply as supporting information for a resource, as they may not have a direct impact but could help an attacker to gain a better understanding of your underlying systems.
Suggested Action for Informational Alerts
In most cases, no action or fix is required.