通用漏洞评估方法CVSS 3.0 计算公式中文翻译
Posted caya-yuan
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了通用漏洞评估方法CVSS 3.0 计算公式中文翻译相关的知识,希望对你有一定的参考价值。
CVSS 3.0 计算公式
一、基础得分
1.基础得分是由影响力与可利用性两项子得分经函数计算出来的。基础得分的计算公式为:
BaseScore 基础得分
Impact 影响力得分(ISC)
Exploitability 可利用性得分
Roundup 四舍五入保留1位小数
当 Impact <= 0:
BaseScore = 0
当 0 < Impact + Exploitability < 10:
无修正: BaseScore = Roundup(Impact + Exploitability)
被修正后: BaseScore = Roundup[1.08 × (Impact + Exploitability)]
当 Impact + Exploitability > 10:
BaseScore = 10
2.影响力得分(isc)计算公式为:
Impact 影响力得分
ISCbase 影响力基础分
Confidentiality Impact(C) 机密性得分
Integrity Impact(I) 完整性得分
Availability Impact(A) 可用性得分
无修正: Impact = 6.42 × ISCbase
被修正后: Impact = 7.52 × (ISCbase − 0.029) − 3.25 × (ISCbase - 0.02)^15
其中: ISCbase = 1- [(1 - ConfImpact) × (1 - IntegImpact) × (1 - AvailImpact)]
3.可利用性得分公式为:
Exploitability 可利用性得分
Attack Vector (AV) 攻击途径
Attack Complexity (AC) 攻击复杂度
Privilege Required (PR) 权限要求
User Interaction (UI) 用户交互
Exploitability = 8.22 × AttackVector × AttackComplexity × PrivilegeRequired × UserInteraction
二、时间得分
1.时间得分的计算公式为:
Temporal 时间得分
BaseScore 基础得分
Exploitability (E) 利用代码成熟度
Remediation Level(RL) 补丁水平
Report Confidence (RC) 报告可信度
Temporal = Roundup(BaseScore × Exploitability × RemediationLevel × ReportConfidence)
三、环境得分
1.环境得分的计算公式为(所有带M.的值均为修正值,若没有被修正,则该值为基础项的对应原值):
EnvironmentalScore 环境得分
M.Impact 影响力修正得分
M.Exploitability 可利用性修正得分
ExploitCodeMaturity 利用代码成熟度
RemediationLevel 补丁水平
ReportConfidence 报告可信度
Roundup 四舍五入保留1位小数
当 M.Impact <= 0:
EnvironmentalScore = 0
当 M.Impact > 0 且 无修正:
EnvironmentalScore = Roundup(Roundup (Minimum [ (M.Impact + M.Exploitability) ,10]) × ExploitCodeMaturity × RemediationLevel × ReportConfidence)
当 M.Impact > 0 且 有修正:
Round up(Round up (Minimum [1.08 × (M.Impact + M.Exploitability) ,10]) × ExploitCodeMaturity × RemediationLevel × ReportConfidence)
2.影响力修正得分公式为:
M.Impact 影响力修正得分
ISCbase 影响力修正基础分
M.IConf 机密性修正得分
M.IInteg 完整性修正得分
M.IAvail 可用性修正得分
Confidentiality Requirement (CR) 保密性需求
Integrity Requirement (IR) 完整性需求
Availability Requirement (AR) 可用性需求
无修正: M.Impact = 6.42 × ISCModified
被修正后: M.Impact = 7.52 × (ISCModified − 0.029) − 3.25 × (ISCModified - 0.02)^15
其中: ISCModified = 1- [(1 - M.IConf × CR) × (1 - M.IInteg × IR) × (1 - M.IAvail × AR)]
当 ISCModified > 0.915 时, ISCModified = 0.915
3.可利用性修正得分公式为:
M.Exploitability 可利用性修正得分
M.Attack Vector (AV) 攻击途径修正得分
M.Attack Complexity (AC) 攻击复杂度修正得分
M.Privilege Required (PR) 权限要求修正得分
M.User Interaction (UI) 用户交互修正得分
M.Exploitability = 8.22 × M.AttackVector × M.AttackComplexity × M.PrivilegeRequired × M.UserInteraction
四、原文
原文出处:https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
注: 以下不可见部分为unicode,复制到txt可见
CVSS v3 Equations
The CVSS v3.0 equations are defined below.
Base
The Base Score is a function of the Impact and Exploitability sub score equations. Where the Base score is defined as,
If (Impact sub score <= 0) 0 else,
Scope Unchanged④ ??????????????(??????????????[(???????????? + ????????????????????????????), 10])
Scope Changed ??????????????(??????????????[1.08 × (???????????? + ????????????????????????????), 10])
and the Impact sub score (ISC) is defined as,
Scope Unchanged 6.42 × ??????Base
Scope Changed 7.52 × [?????????????? − 0.029] − 3.25 × [?????????????? − 0.02]^15
Where,
?????????????? = 1 − [(1 − ????????????????????) × (1 − ??????????????????????) × (1 − ??????????????????????)]
And the Exploitability sub score is,
8.22 × ???????????????????????? × ???????????????????????????????? × ?????????????????????????????????? × ??????????????????????????????
Temporal
The Temporal score is defined as,
??????????????(?????????????????? × ?????????????????????????????????????? × ???????????????????????????????? × ????????????????????????????????)
Environmental
The environmental score is defined as,
If (Modified Impact Sub score <= 0) 0 else,
If Modified Scope is Unchanged Round up(Round up (Minimum [ (M.Impact + M.Exploitability) ,10]) × Exploit Code Maturity × Remediation Level
× Report Confidence)
If Modified Scope is Changed Round up(Round up (Minimum [1.08 × (M.Impact + M.Exploitability) ,10]) × Exploit Code Maturity ×
Remediation Level × Report Confidence)
And the modified Impact sub score is defined as,
If Modified Scope is Unchanged 6.42 × [??????????????????????]
If Modified Scope is Changed 7.52 × [?????????????????????? − 0.029]-3.25× [?????????????????????? − 0.02] 15
Where,
?????????????????????? = ?????????????? [[1 − (1 − ??. ?????????? × ????) × (1 − ??. ???????????? × ????) × (1 − ??. ???????????? × ????)], 0.915]
The Modified Exploitability sub score is,
8.22 × ??. ???????????????????????? × ??. ???????????????????????????????? × ??. ?????????????????????????????????? × ??. ????????????????????????????n
以上是关于通用漏洞评估方法CVSS 3.0 计算公式中文翻译的主要内容,如果未能解决你的问题,请参考以下文章