Explore vulnerability details

The attack vector describes the context or path through which a vulnerability can be exploited. It provides insights into how an attacker can gain access to a system or network. The possible values for the attack vector include:

• Network: Vulnerabilities with this rating are remotely exploitable, either from one or more hops away or over the internet.

• Adjacent: A vulnerability with this rating requires network adjacency for exploitation, meaning the attack must originate from the same physical or logical network.

• Local: Vulnerabilities with this rating are not exploitable over a network. The attacker must have local access to the system or employ remote access protocols like SSH or RDP. Social engineering techniques may also be used to trick unsuspecting users into initiating the exploit.

• Physical: In this type of attack, the adversary must physically interact with the target system to exploit the vulnerability.

The attack complexity describes the level of difficulty involved in successfully exploiting a vulnerability. It assesses the ease or complexity of launching an attack using the vulnerability and can be categorized as either Low or High.

Privilege describes the level of privilege or access an attacker requires to successfully use a vulnerability. The level of privilege can be categorized as:

• None: There are no privileges required to abuse a vulnerability.

• Low: A limited amount of privileges are required to abuse a vulnerability.

• High: A high amount of privileges are required to abuse a vulnerability.

Integrity refers to the impact on the integrity of information resulting from the successful use of a vulnerability. It evaluates the potential tampering or modification of data and can be categorized as follows:

• None: There is no loss of integrity of any information.

• Low: A limited amount of information might be tampered with or modified, but there is no serious impact on the protected system.

• High: The attacker can modify any/all information on the target system, resulting in a complete loss of integrity.

User interaction refers to whether a user, other than the attacker, needs to perform an action for the successful exploitation of a vulnerability. User interaction can be categorized as follows:

• None: No user interaction is required for the vulnerability to be exploited.

• Required: A user must complete specific steps or actions for the exploit to succeed. For example, the user might be prompted to install certain software or perform an action that aids the attacker.

The scope of a vulnerability indicates whether its exploitation extends beyond the initially compromised system (Changed) or remains confined to the originally vulnerable component (Unchanged).

Confidentiality measures the impact on the confidentiality of information resulting from the successful use of a vulnerability. It evaluates the potential exposure of sensitive data and can be classified into the following categories:

• None: There is no loss of confidentiality.

• Low: The vulnerability might result in limited or intermittent impact on the confidentiality of information.

• High: The successful exploitation of the vulnerability leads to a complete loss of confidentiality of the impacted system or information.

Availability impact measures the impact on system availability resulting from the successful use of a vulnerability. It assesses the potential disruption or loss of service and can be classified into the following categories:

• None: There is no loss of availability.

• Low: Availability might be intermittently limited, or the performance might be negatively impacted as a result of a successful attack.

• High: There is a complete loss of availability of the impacted system or information.

The Exploit Prediction Scoring System (EPSS) predicts the likelihood of a vulnerability being exploited in the wild within the next 30 days. It assigns a score between 0 and 1 (or 0 to 100%), with higher scores indicating a greater probability of exploitation.

The EPSS score consists of:

• EPSS score: Indicates how likely a vulnerability is to be exploited.

• EPSS percentile: Displays the percentile rank of the vulnerability compared to all others in the EPSS dataset.

• Last modified: Records the last time the EPSS data for this particular vulnerability was updated.

Many organizations rely on EPSS to prioritize their vulnerability management efforts. A high-scoring vulnerability may warrant immediate action, while lower scores may allow for deferring or handling vulnerabilities through other means.

Indicates the likelihood that a vulnerability can be exploited. This value is calculated by Lansweeper, based on available data and known exploit information.

Shows whether a vulnerability (CVE) is known to be actively exploited by attackers in real‑world environments.

Categorizes exploits based on their potential impact, distinguishing between higher and lower-risk exploits.

Possible classifications include: Initial access, Remote with credentials exploits, Local, Client-side, Infoleak, and Denial of Service.

Describes the development stage of existing exploit techniques and the availability of exploit code.

Possible maturity levels include:

• Weaponized: Refers to explicitly malicious exploits (e.g. integrated into malware) that have been reported as exploited in the wild. These exploits are often used in real-world attacks, work reliably across many targets (e.g. exploits in MetaSploit, VulnCheck IAI, CANVAS, or Core Impact), and may include secondary payloads like droppers or implants.

• Proof of Concept (POC): Demonstrates the potential for exploitation, but is not yet weaponized. POCs may come in various forms, such as blog posts, Python scripts, or curl commands.

Documents instances where ransomware groups exploited the vulnerability in their attacks.

Documents instances where malicious threat actors actively exploited the vulnerability.

Documents instances botnets have used the vulnerability to compromise systems.

Indicates whether a publicly available exploit code or method for the vulnerability has been identified.

Indicates whether exploit code or methods for the vulnerability are available through commercial vendors.

Indicates whether CISA has detected an exploit using this vulnerability.

Recommended actions users should take to mitigate the exploit.

The deadline for applying a patch or mitigation.

Information on whether the vulnerability has been used in ransomware campaigns.

A score indicating how difficult it is for an attacker to exploit the vulnerability, rated as low, medium, high, or critical.

Provides details on the potential impact of the vulnerability on systems.

Indicates the likelihood of an exploit using this vulnerability, categorized as exploitation detected, more likely, less likely, or unlikely, based on Microsoft's observations.