2 Replies Latest reply on Aug 21, 2011 11:15 PM by Cweissert

    MVM Vulnerability Risk Level

      How does MVM determine the various risk levels of a vulnerability? 


      Is it based upon a range in the CVSS score i.e. High is CVSS 7 or above?


      Thanks

      Chris

        • 1. Re: MVM Vulnerability Risk Level

          I am not entirely sure, but I would not be surprised if the risk level is a composite of published information and internal McAfee info.


          I ran into an interesting situation with regards to the CVSS vector that illustrates how the internal-to-McAfee info is used.


          In my case, I constructed a vulnerability set based on the CVSS vector; I was searching for vulnerabilities that are exploitable (E:F). This turned up a list of vulnerabilities with (published) 'undetermined' exploitability (E:ND). Apparently McAfee has internal, non-published information that an exploit exists, and so the vulnerabilities match the search criteria, even though that's not what the resulting report shows.


          So I am guessing that the risk level may also incorporate internal-to-McAfee information.
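The CVSS-vector search described in this reply, as an added example that is not part of the thread and not MVM code: it parses CVSS v2 vectors, computes the published v2 base score, and shows how a record whose published vector says E:ND can still match an E:F search when an internal exploitability override (the `internal_e` field, an assumption standing in for McAfee's unpublished data) is consulted. The records and their vectors are constructed.

```python
"""Constructed example: parse and score CVSS v2 vectors, then reproduce the
E:F search surprise from the thread. The records below are made up."""

# CVSS v2 metric weights from the CVSS v2 specification.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}
AC = {"H": 0.35, "M": 0.61, "L": 0.71}
AU = {"M": 0.45, "S": 0.56, "N": 0.704}
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}


def parse_vector(vector):
    """Split 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C' into a dict."""
    metrics = dict(part.split(":", 1) for part in vector.split("/"))
    missing = {"AV", "AC", "Au", "C", "I", "A"} - metrics.keys()
    if missing:
        raise ValueError(f"incomplete base vector, missing {sorted(missing)}")
    return metrics


def base_score(vector):
    """CVSS v2 base score equation as published in the v2 specification."""
    m = parse_vector(vector)
    impact = 10.41 * (1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]]))
    exploitability = 20 * AV[m["AV"]] * AC[m["AC"]] * AU[m["Au"]]
    f_impact = 0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)


def nvd_v2_band(score):
    """NVD's severity bands for CVSS v2 scores (the mapping the question asks
    about); whether MVM uses the same bands is not confirmed in the thread."""
    return "High" if score >= 7.0 else "Medium" if score >= 4.0 else "Low"


# Constructed records. 'internal_e' is an assumed field standing in for an
# unpublished exploitability override (E:ND in the report, E:F internally).
VULNS = [
    {"id": "V-1", "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C"},
    {"id": "V-2", "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C", "internal_e": "F"},
    {"id": "V-3", "vector": "AV:L/AC:H/Au:M/C:P/I:N/A:N/E:ND/RL:OF/RC:C"},
]


def exploitability(record):
    """Effective E metric: an internal override wins over the published value."""
    published = parse_vector(record["vector"]).get("E", "ND")
    return record.get("internal_e", published)


def select_exploitable(records):
    """Ids matching E:F, as a search that consults the internal data would."""
    return [r["id"] for r in records if exploitability(r) == "F"]
```

V-2 is reported with E:ND yet is selected by the E:F search, which is the mismatch between search results and report contents the reply describes.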

          • 2. Re: MVM Vulnerability Risk Level

            Thanks for the reply. I found a description of the ratings in the MVM product guide (p16-17) but they do not provide much detail. An interesting thought though as to how McAfee internally rates vulnerabilities.


            High risk

            An attacker might gain privileged access (administrator, root) to the system over a remote connection.

            Examples:

            • IIS Remote Data Services provides remote control

            • RPC Auto-mounted attack