Certified Ethical Hacker (CEH v12) — Question 308

Sam is working as a system administrator in an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect its severity using CVSS v3.0 to properly assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing CVSS rating was 4.0.

What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?

Answer options

• A. High
• B. Low
• C. Critical
• D. Medium

Correct answer: D

Explanation

A CVSS base score of 4.0 falls within the range designated for Medium severity, which is between 4.0 and 6.9. Options A (High) and C (Critical) are incorrect as they represent higher severity levels, while option B (Low) is also incorrect since it applies to scores below 4.0.