In the Common Vulnerability Scoring System (CVSS), attack complexity refers to the conditions beyond the attacker’s control that must exist for the vulnerability to be successfully exploited.
This includes factors such as the need for user interaction, the presence of specific configurations, or network conditions that are not easily controlled by the attacker.
A high attack complexity means that these external factors make exploitation more difficult, while a low attack complexity indicates that fewer such conditions are required.
References
CVSS v3.1 Specifications Document
Understanding Attack Complexity in Vulnerability Assessments
Cybersecurity Frameworks and Metrics
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit