Common Vulnerability Scoring System Version 3.0 Calculator
'/%3E%3Ccircle cx='48' cy='39' r='19' fill='%23f2c9a5'/%3E%3Cpath d='M27 35c3-16 39-17 42 2-8-8-27-9-42-2z' fill='%23374151'/%3E%3Cpath d='M21 86c5-24 49-28 56 0z' fill='%232563eb'/%3E%3Ccircle cx='41' cy='41' r='2' fill='%23111827'/%3E%3Ccircle cx='55' cy='41' r='2' fill='%23111827'/%3E%3Cpath d='M42 52c4 3 9 3 13 0' stroke='%2392400e' stroke-width='3' fill='none' stroke-linecap='round'/%3E%3C/svg%3E)
Reviewed by Calculator Editorial Team
The Common Vulnerability Scoring System (CVSS) version 3.0 provides a standardized way to assess the severity of software vulnerabilities. This calculator helps you compute CVSS scores based on the official metrics and formulas.
What is CVSS v3.0?
CVSS v3.0 is the latest version of the Common Vulnerability Scoring System, developed by the Forum of Incident Response and Security Teams (FIRST). It provides a numerical score (0-10) that represents the severity of a vulnerability based on several metrics.
The score helps organizations prioritize vulnerabilities and understand the potential impact of security flaws. CVSS v3.0 is widely used in vulnerability management, risk assessment, and security operations.
How to Use This Calculator
To calculate a CVSS v3.0 score, you need to provide values for the following metrics:
- Attack Vector (AV): How the vulnerability is exploited
- Attack Complexity (AC): How difficult it is to exploit the vulnerability
- Privileges Required (PR): What privileges are needed to exploit the vulnerability
- User Interaction (UI): Whether user interaction is required to exploit the vulnerability
- Scope (S): Whether the vulnerability affects components beyond the vulnerable component
- Confidentiality Impact (C): Impact on confidentiality
- Integrity Impact (I): Impact on integrity
- Availability Impact (A): Impact on availability
After entering these values, click "Calculate" to compute the CVSS score and severity rating.
CVSS v3.0 Metrics
CVSS v3.0 uses three metric groups to calculate the overall score:
- Base Metrics: Characteristics of the vulnerability that are constant over time
- Temporal Metrics: Characteristics that change over time
- Environmental Metrics: Characteristics of the vulnerability in a particular environment
This calculator focuses on the Base Metrics, which are the most commonly used in vulnerability assessments.
Base Metric Formula
The Base Score (BS) is calculated as:
BS = round_to_1_decimal(min((3.04 × Impact + 0.95 × Exploitability - 1.5 × f(Impact)), 10))
Where:
- Impact = 1 - [(1 - Confidentiality) × (1 - Integrity) × (1 - Availability)]
- Exploitability = 8.22 × AV × AC × PR × UI
- f(Impact) = 0 if Impact = 0, 1.04 if Scope is Unchanged, 1.05 if Scope is Changed
Interpreting CVSS Scores
CVSS scores range from 0 to 10, with higher scores indicating more severe vulnerabilities. The severity ratings are as follows:
- 0.1-3.9: Low severity
- 4.0-6.9: Medium severity
- 7.0-8.9: High severity
- 9.0-10.0: Critical severity
For example, a vulnerability with a CVSS score of 7.5 would be considered high severity and should be addressed promptly.
Frequently Asked Questions
What is the difference between CVSS v2.0 and v3.0?
CVSS v3.0 introduces several improvements over v2.0, including:
- New metrics for better accuracy
- Support for new attack vectors
- Improved scoring algorithm
- Better alignment with modern threat models
How do I choose values for the metrics?
You should choose values based on the characteristics of the specific vulnerability you're assessing. For example, if the vulnerability requires user interaction, you would select "Required" for the User Interaction metric.
Can I use this calculator for compliance purposes?
This calculator provides a general estimate of CVSS scores. For compliance purposes, you should consult official CVSS documentation and use official tools.