Exploitability

📌 Article pinned by VulDB Support Team

Some vulnerability entries contain information and links about existing exploits. An exploit is a tutorial or software, which helps to execute or automate the exploitation of a vulnerability.

Exploit Maturity

Such an exploit might have a specific level of exploitability, also called exploit code maturity. The exploitability definition on VulDB uses the same metric levels like CVSSv2 and CVSSv3. CVSSv4 retired this metric and introduced a similar sounding threat metric called exploit maturity which is focussing on exploit activities rather than exploit quality levels. Our definitions are slightly enhanced and shown in the table below.

SymbolCVSSv4CVSSv3CVSSv2DescriptionExample
High
A / PHHA professionalized exploit is available with a very high level of reliability, the possibility to change options, and solid error handling. Such an exploit is easy-to-use by attackers not familiar with the technical details of the underlying vulnerability.Metasploit module, NMAP NSE skript
Functional
A / PFFA solid exploit is available which provides mostly reliable exploit capabilities that work in most scenarios.enhanced skript, basic exploit implementation
Proof-of-Concept
PPPOCA simple exploit is available which illustrates the basic functionality of exploitation, without a certain level of reliability, no customization possibilities, and no error handling.static URL, Curl statement, simple shell skript
Unproven
UUUNo exploit is available, or an exploit is entirely theoretical.exploit is private, no public exploit available
Not Defined
-XNDThe exploitability level is not defined. This is the case when no information about an exploit is available.no information about exploits available

Impact and Threats

The exploitability level is one of tha major factor that impacts the calculation of exploit prices. The Known Exploited Vulnerabilities Catalog (KEV) by CISA provides data about detected exploit behavior. We may recommend our unique CTI activity scores for a better and more accurate predictive identification of emerging and executed exploit activities.

Обновлено: 01.06.2024 по VulDB Documentation Team

Want to stay up to date on a daily basis?

Enable the mail alert feature now!