08-22-2011 03:09 PM
Critical vulnerabilities typically affect default installations of widely deployed software, result in root compromise of servers, and the exploit code is widely available to attackers. The attacker usually does not need any special authentication credentials or knowledge about the individual victims and the target does not need to be manipulated into performing any special functions.
High vulnerabilities typically have the ability to become critical but have mitigating factors that make them less attractive to attackers. They may be difficult to exploit, do not result in elevated privileges or do not have a large victim pool.
Moderate vulnerabilities are those where the scales are tipped in favor of the victim, such as a denial of service attack which does not compromise the target. They include exploits that require an attacker to reside on the same LAN as the victim, affect only non-standard configurations or obscure applications, or the exploitation only provides very limited access.
Low vulnerabilities typically have very little impact on an organization's infrastructure. They usually require local or physical system access and may often result in victim privacy or DoS issues and information leakage.
Informational vulnerabilities may be suspicious events that are reported to call attention to the possibility that deeper problems exist.