How is the threat severity level determined?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How is the threat severity level determined?

Not applicable

How is the threat severity level determined?

Critical, High, Medium, Low or Informational

1 accepted solution

Accepted Solutions

Criticall vulnerabilities typically affect default installations of widely deployed software, result in root compromise of servers, and the exploit code is widely available to attackers. The attacker usually does not need any special  authentication credentials or knowledge about the individual victims and the target does not need to be manipulated into performing any special functions.

High vulnerabilities typically have the ability to become critical but have mitigating factors that make them less attractive to attackers. They may be difficult to exploit,.do not result in elevated privileges or do not have a large victim pool.

Moderatevulnerabilities are those where the scales are tipped in favor of the victim, such as a denial of service attack which does not compromise the target. They include exploits that require an attacker to reside on the same LAN as the victim, affect only non-standard configurations or obscure applications, or the exploitation only provides very limited access.

Low vulnerabilities typically have very little impact on an organization's infrastructure.  They usually require local or physical system access and may often result in victim privacy or DoS issues and information leakage.

Informational vulnerabilities may be suspicious events that are reported to call attention that deeper problems could possibly exist.

View solution in original post

3 REPLIES 3

L5 Sessionator

Hi,

The document at this link contains the matrix for determining threat severity.

https://live.paloaltonetworks.com/docs/DOC-1051

By threat severity I mean the Critical, High, Medium, Low and informational in the threat prevention table

Criticall vulnerabilities typically affect default installations of widely deployed software, result in root compromise of servers, and the exploit code is widely available to attackers. The attacker usually does not need any special  authentication credentials or knowledge about the individual victims and the target does not need to be manipulated into performing any special functions.

High vulnerabilities typically have the ability to become critical but have mitigating factors that make them less attractive to attackers. They may be difficult to exploit,.do not result in elevated privileges or do not have a large victim pool.

Moderatevulnerabilities are those where the scales are tipped in favor of the victim, such as a denial of service attack which does not compromise the target. They include exploits that require an attacker to reside on the same LAN as the victim, affect only non-standard configurations or obscure applications, or the exploitation only provides very limited access.

Low vulnerabilities typically have very little impact on an organization's infrastructure.  They usually require local or physical system access and may often result in victim privacy or DoS issues and information leakage.

Informational vulnerabilities may be suspicious events that are reported to call attention that deeper problems could possibly exist.

  • 1 accepted solution
  • 4354 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!