Total score is the average CVSS score of all the issues in the infrastructure. The higher the score, the more vulnerable the infrastructure is.
On the Dashboard, in the upper left corner, there is a “Total score” element, which gives an estimate of how vulnerable the overall external attack surface is.
The higher the score, the more severely vulnerable the attack surface is.
How Is the Total Score Calculated?
The Total score represents the average of the CVSS scores of all the issues in the infrastructure.
The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. The score ranges from 0 to 10.
The Total score shown by Attaxion is the sum of CVSS scores of all issues discovered in the assets, divided by the number of issues.
What Does the Color Coding Mean?
Attaxion doesn’t calculate CVSS scores for each issue; instead, it takes pre-calculated scores from CVE/CWE databases. The CVSS v3.x standard offers five different severity types (as described by NIST):
- Info (unknown): 0.0
- Low: 0.1 - 3.9
- Medium: 4.0 - 6.9
- High: 7.0 - 8.9
- Critical: 9.0 - 10.0
Attaxion adheres to this standard and applies different colors to the circle around the Total score value and to the vulnerability tags.
- Info – gray
- Low – green
- Medium – yellow
- High – red
- Critical – dark red.