The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (low, medium, high, and critical) to help assess and prioritize the vulnerability management processes.
When a vulnerability found on a specific target corresponds to an identifier in the CVE database operated by the MITRE Corporation, the Penetrator automatically looks up the corresponding CVSS score for both the V2 and V3 versions of CVSS.
The CVSS score is then displayed on screen and in the reports whenever a CVE identifier is available.
On screen, the CVSS score appears in the vulnerability details: when you click on a snapshot icon, the list of vulnerabilities for a scan is displayed.
From there, clicking on the name of a vulnerability opens the page with its details.
The same information is also available in the reports.
Please take into account that the reports available on the home page were created at the end of each scan. Therefore, to get the CVSS score, it is necessary to generate a new report: click on Make New Reports in the floating menu in the Options column next to each scan.
CVSS scores are updated frequently, and the Penetrator keeps its database up to date accordingly: it automatically updates the CVSS scores every night between midnight and 1 AM. This process is necessary and may require some time if it is not performed frequently.