Common Vulnerability Scoring System (CVSS)
To measure the severity of a vulnerability, Common Vulnerabilities and Exposures (CVE) entries are often assigned a Common Vulnerability Scoring System (CVSS) score. The CVSS score is a numerical rating, out of 10, of the overall threat posed by the presence of a given vulnerability on a computer system. The base CVSS score is computed from aspects such as the complexity of the attack needed to exploit the vulnerability, the attack vector (local or through a network), and the possible impacts of exploitation on the system. Security teams use CVSS scores in their vulnerability management programs to prioritize severe vulnerabilities and improve the security posture of computer systems. While CVSS is currently on version 3.1, version 2 is still widely used. Both are supported by Cisco Cyber Vision.
CVSS scores are divided into the following four categories:
- 9-10: Critical vulnerability
- 7-8.9: High severity vulnerability
- 4-6.9: Medium severity vulnerability
- 0.1-3.9: Low severity vulnerability