The exploit code maturity metric indicates the likelihood of the vulnerability being exploited, based on the current state of exploit techniques and the availability of exploit code.
Some exploit code may be publicly available, making it easily accessible to numerous attackers. This increases the likelihood of the vulnerability being exploited. Note the following parameters:
| Parameter | Description |
| --- | --- |
| Not defined | Assigning this value to the metric will not affect the score. It simply tells the scoring equation to skip this metric. |
| High | Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely available. |
| Functional | Functional exploit code is available and it works in most situations. |
| Proof of concept | Proof-of-concept exploit code is available. The code may not be functional in all situations and may require considerable edits by a skilled attacker. |
| Unproven | Exploit code is unavailable or the exploit is just hypothetical. |
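
The following added example (not part of the original page) shows how each exploit code maturity value scales a base score, and why "Not defined" leaves it unchanged. It assumes the CVSS v3.1 temporal equation and weights, which the page does not state; the function names and the sample base score of 9.8 are constructed for illustration.

```python
# Added example. Assumption: weights and rounding follow the CVSS v3.1
# specification (temporal = Roundup(base * E * RL * RC)).
E_WEIGHT = {"X": 1.0, "H": 1.0, "F": 0.97, "P": 0.94, "U": 0.91}   # Exploit Code Maturity
RL_WEIGHT = {"X": 1.0, "U": 1.0, "W": 0.97, "T": 0.96, "O": 0.95}  # Remediation Level
RC_WEIGHT = {"X": 1.0, "C": 1.0, "R": 0.96, "U": 0.92}             # Report Confidence
WEIGHTS = {"E": E_WEIGHT, "RL": RL_WEIGHT, "RC": RC_WEIGHT}


def roundup(value):
    """Round up to one decimal place using the integer method from v3.1,
    which avoids floating-point artifacts such as 4.000000001 -> 4.1."""
    scaled = round(value * 100000)
    if scaled % 10000 == 0:
        return scaled / 100000.0
    return (scaled // 10000 + 1) / 10.0


def temporal_score(base_score, temporal_vector=""):
    """Apply temporal metrics, e.g. "E:P/RL:O/RC:C", to a base score.
    Metrics missing from the vector default to X (Not defined), weight 1.0."""
    if not 0.0 <= base_score <= 10.0:
        raise ValueError("base score must be between 0.0 and 10.0")
    chosen = {"E": "X", "RL": "X", "RC": "X"}
    for part in filter(None, temporal_vector.split("/")):
        name, _, value = part.partition(":")
        if name not in WEIGHTS or value not in WEIGHTS[name]:
            raise ValueError(f"unknown temporal metric: {part!r}")
        chosen[name] = value
    score = base_score
    for name, value in chosen.items():
        score *= WEIGHTS[name][value]
    return roundup(score)


if __name__ == "__main__":
    labels = {"X": "Not defined", "H": "High", "F": "Functional",
              "P": "Proof of concept", "U": "Unproven"}
    for code, label in labels.items():
        print(f"{label:17} E:{code} -> {temporal_score(9.8, 'E:' + code)}")
```

Under these weights, High and Not defined produce the same score, so leaving the metric unset is equivalent to assuming the worst case for exploit availability.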