Exam CS0-002 topic 1 question 298 discussion

Actual exam question from CompTIA's CS0-002
Question #: 298
Topic #: 1

A customer notifies a security analyst that a web application is vulnerable to information disclosure. The analyst needs to indicate the severity of the vulnerability based on its CVSS score, which the analyst needs to calculate. When analyzing the vulnerability, the analyst realizes that for the attack to be successful, the Tomcat configuration file must be modified. Which of the following values should the security analyst choose when evaluating the CVSS score?

  • A. Network
  • B. Physical
  • C. Adjacent
  • D. Local
Suggested Answer: D

Comments

encxorblood
Highly Voted 2 years, 2 months ago
Selected Answer: D
When evaluating the CVSS score for a vulnerability that requires modifying the Tomcat configuration file, the security analyst should choose the "Local" value. Therefore, option D is the correct answer. CVSS (Common Vulnerability Scoring System) is a framework that provides a way to evaluate the severity of a vulnerability. CVSS uses a set of metrics to measure the potential impact of a vulnerability and assign it a score. The "Local" metric in CVSS measures the degree of access required to exploit the vulnerability. A "Local" vulnerability can only be exploited by an attacker who has physical access to the system or who has already compromised the system through a separate attack. In this scenario, modifying the Tomcat configuration file requires local access to the system and cannot be exploited remotely. Therefore, the appropriate metric to use when evaluating the CVSS score for this vulnerability is "Local."
upvoted 14 times
2Fish
2 years, 1 month ago
Yup, Agree... 100% D (local).
upvoted 1 times
Christopski
Most Recent 1 year, 6 months ago
This was on the exam
upvoted 1 times
skibby16
1 year, 7 months ago
Selected Answer: C
In this case, since the attack involves modifying the Tomcat configuration file, it indicates that the attacker needs to be in a network-adjacent position, meaning they need to have some level of network access or adjacency to the target system. Therefore, "Adjacent" is the appropriate choice for the "Access Vector" metric when evaluating the CVSS score for this vulnerability.
upvoted 1 times
kyky
1 year, 10 months ago
Selected Answer: C
C. Adjacent. The "Adjacent" access complexity refers to an attacker who can directly connect to the target system, but they need to first gain access to an adjacent or neighboring system. In this scenario, the attacker needs to modify the Tomcat configuration file, indicating a level of access that is adjacent to the target web application.
upvoted 2 times
yolylight
2 years, 1 month ago
Selected Answer: A
Required specific configuration is in the metric Attack Complexity, not Attack Vector.
upvoted 1 times
absabs
2 years, 2 months ago
Selected Answer: D
I take articles from the book; Local means shell access, either interactively or through a remote shell. Adjacent network refers to an attacking host within the same broadcast domain (link-local) as the target. Network refers to a vulnerability that can be exploited from a remote network (different subnet). So, I am going with local.
upvoted 3 times
CatoFong
2 years, 3 months ago
Selected Answer: D
D. is correct
upvoted 1 times
gnnggnnggnng
2 years, 3 months ago
Selected Answer: D
The CVSS score determines the severity of a vulnerability based on the impact it has on the system and the ease of exploitation. In this scenario, the vulnerability can be exploited locally, meaning that the attacker has access to the target system and can directly modify the Tomcat configuration file. The CVSS score for Local attacks is higher compared to other types of attacks, so the security analyst should choose "Local" when evaluating the CVSS score.
upvoted 3 times