This task demonstrates how to manually calculate and interpret a CVSS v3.1 score using an online calculator (such as cuberk.com/cvss/v3-1/). It highlights a critical concept in vulnerability management: how small changes in metric definitions drastically alter a threat's severity score.
Metric Breakdown for the Unauthenticated RCE
To calculate the core scenario (a critical, unauthenticated Remote Code Execution (RCE) flaw in a public web server), select the following values in the calculator:
Attack Vector (AV): Network — The exploit is launched remotely over the internet.
Attack Complexity (AC): Low — No special or complex conditions are required for the exploit to succeed.
Privileges Required (PR): None — The attacker requires no prior authentication or system accounts.
User Interaction (UI): None — The attack executes automatically without requiring a victim to click a link or open a file.
Scope (S): Unchanged — The impact remains confined to the web server application layer.
Impact Metrics (C, I, A): High / High / High — Because it is an RCE, the attacker gains full capability to read sensitive data (Confidentiality), modify files (Integrity), and crash the service (Availability).
Resulting Base Score: 9.8 (Critical)
