Certified Ethical Hacker (CEH v11) — Question 120

Sam is working as a system administrator in an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect its severity using CVSS v3.0 to properly assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing the CVSS rating was 4.0.
What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?

Answer options

Correct answer: B

Explanation

A CVSS base score of 4.0 falls within the range defined for Medium severity, which is from 4.0 to 6.9. A score below 4.0 would indicate Low severity, while scores above 6.9 but below 9.0 would suggest High severity, and anything 9.0 or above is considered Critical. Therefore, the correct answer is B.