Vulnerability Categories and Severity Levels
Each vulnerability, potential vulnerability, and item of
information gathered is assigned a severity level, which
is determined by the security risk associated with its exploitation.
The following tables describe the possible consequences for
vulnerabilities and threats at each severity level.
Confirmed Vulnerability Levels
A Confirmed Vulnerability is
a design flaw or misconfiguration which makes your network (or a
host on your network) susceptible to malicious attacks from local or
remote users. Vulnerabilities can exist in several areas of your
network, such as in your firewalls, FTP servers, Web servers,
operating systems or CGI bins. Depending on the level of the
security risk, the successful exploitation of a vulnerability can
vary from the disclosure of information about the host to a complete
compromise of the host.
| SEVERITY LEVEL | DESCRIPTION |
| Minimal (1) | Intruders can collect information about the host (open ports, services, etc.) and may be able to use this information to find other vulnerabilities. |
| Medium (2) | Intruders may be able to collect sensitive information from the host, such as the precise version of software installed. With this information, intruders can easily exploit known vulnerabilities specific to software versions. |
| Serious (3) | Intruders may be able to gain access to specific information stored on the host, including security settings. This could result in potential misuse of the host by intruders. For example, vulnerabilities at this level may include partial disclosure of file contents, access to certain files on the host, directory browsing, disclosure of filtering rules and security mechanisms, denial of service attacks, and unauthorized use of services, such as mail-relaying. |
| Critical (4) | Intruders can possibly gain control of the host, or there may be potential leakage of highly sensitive information. For example, vulnerabilities at this level may include full read access to files, potential backdoors, or a listing of all the users on the host. |
| Urgent (5) | Intruders can easily gain control of the host, which can lead to the compromise of your entire network security. For example, vulnerabilities at this level may include full read and write access to files, remote execution of commands, and the presence of backdoors. |
Potential Vulnerabilities
A Potential Vulnerability
is any vulnerability whose existence we cannot confirm.
The only way to verify the existence of these vulnerabilities would
be to perform an intrusive scan on your network, which could result
in a denial of service. This is strictly against our policy.
Instead, we urge you to investigate these potential vulnerabilities further.
Since our testing policy is based on a non-intrusive approach, we
will not perform active tests that may affect the integrity of your
system. Any vulnerability that cannot be confirmed is reported under
the category "Potential Vulnerabilities." The logic behind
reporting the unconfirmed vulnerabilities in the initial testing is
to bring the potential threat to your attention. Since
"Potential Vulnerabilities" are unconfirmed, they will be filtered
out of the follow-up testing unless you request that they be
reported.
| SEVERITY LEVEL | DESCRIPTION |
| Minimal (1) | If this vulnerability exists on your system, intruders can collect information about the host (open ports, services, etc.) and may be able to use this information to find other vulnerabilities. |
| Medium (2) | If this vulnerability exists on your system, intruders may be able to collect sensitive information from the host, such as the precise version of software installed. With this information, intruders can easily exploit known vulnerabilities specific to software versions. |
| Serious (3) | If this vulnerability exists on your system, intruders may be able to gain access to specific information stored on the host, including security settings. This could result in potential misuse of the host by intruders. For example, vulnerabilities at this level may include partial disclosure of file contents, access to certain files on the host, directory browsing, disclosure of filtering rules and security mechanisms, denial of service attacks, and unauthorized use of services, such as mail-relaying. |
| Critical (4) | If this vulnerability exists on your system, intruders can possibly gain control of the host, or there may be potential leakage of highly sensitive information. For example, vulnerabilities at this level may include full read access to files, potential backdoors, or a listing of all the users on the host. |
| Urgent (5) | If this vulnerability exists on your system, intruders can easily gain control of the host, which can lead to the compromise of your entire network security. For example, vulnerabilities at this level may include full read and write access to files, remote execution of commands, and the presence of backdoors. |
Information Gathered Levels
Information Gathered
includes visible information about the network related to the host,
such as traceroute information, Internet Service Provider (ISP), or
a list of reachable hosts. Information Gathered severity levels also
include detected firewalls, SMTP banners, or a list of open
TCP services.
| SEVERITY LEVEL | DESCRIPTION |
| Minimal (1) | Intruders may be able to retrieve sensitive information related to the host, such as open UDP and TCP services lists, and detection of firewalls. |
| Medium (2) | Intruders may be able to determine the operating system running on the host, and view banner versions. |
| Serious (3) | Intruders may be able to detect highly sensitive data, such as global system user lists. |