CVE CVSS Score Interpreter & Risk Calculator

ANA›Life Services Authority›National Calculator Authority›CVE CVSS Score Interpreter & Risk Calculator

.calc-container { max-width: 640px; margin: 2rem 0; padding: 1.5rem; background: #fff; border: 1px solid #ddd; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.06); font-family: system-ui, -apple-system, sans-serif; } .calc-container h3 { font-family: Georgia, serif; font-size: 1.15rem; color: #1a1a1a; margin-bottom: 1rem; padding-bottom: 0.5rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-row { display: flex; align-items: center; gap: 0.75rem; margin-bottom: 0.75rem; flex-wrap: wrap; } .calc-row label { min-width: 160px; font-size: 0.9rem; color: #333; font-weight: 500; } .calc-row input[type="number"], .calc-row select { flex: 1; min-width: 120px; max-width: 200px; padding: 0.5rem 0.6rem; border: 1px solid #ccc; border-radius: 4px; font-size: 0.9rem; font-family: system-ui, sans-serif; color: #1a1a1a; background: #fafaf8; } .calc-row input:focus, .calc-row select:focus { outline: none; border-color: var(--ac, #3d5a80); box-shadow: 0 0 0 2px rgba(26,74,138,0.12); } .calc-row .unit { font-size: 0.82rem; color: #888; min-width: 30px; } .calc-btn { display: inline-block; margin-top: 0.5rem; padding: 0.55rem 1.5rem; background: var(--ac, #3d5a80); color: #fff; border: none; border-radius: 4px; font-size: 0.9rem; font-weight: 600; cursor: pointer; font-family: system-ui, sans-serif; } .calc-btn:hover { opacity: 0.9; } .calc-result { margin-top: 1.25rem; padding: 1rem 1.25rem; background: #f0f6fc; border-left: 3px solid var(--ac, #3d5a80); border-radius: 0 6px 6px 0; display: none; } .calc-result.visible { display: block; } .calc-result-label { font-size: 0.78rem; text-transform: uppercase; letter-spacing: 0.06em; color: #666; margin-bottom: 0.25rem; } .calc-result-value { font-size: 1.6rem; font-weight: 700; color: var(--ac, #3d5a80); } .calc-result-detail { font-size: 0.85rem; color: #555; margin-top: 0.5rem; line-height: 1.5; } .calc-note { margin-top: 1rem; font-size: 0.8rem; color: #888; font-style: italic; } .calc-grid { display: grid; grid-template-columns: 1fr 1fr; gap: 0.75rem; margin-top: 0.75rem; } .calc-grid-item { padding: 0.6rem 0.8rem; background: #f8f9fa; border-radius: 4px; border: 1px solid #eee; } .calc-grid-item .label { font-size: 0.75rem; color: #888; text-transform: uppercase; letter-spacing: 0.04em; } .calc-grid-item .value { font-size: 1.1rem; font-weight: 600; color: #1a1a1a; } @media (max-width: 720px) { .calc-row { flex-direction: column; align-items: flex-start; gap: 0.3rem; } .calc-row label { min-width: auto; } .calc-row input[type="number"], .calc-row select { max-width: 100%; width: 100%; } .calc-grid { grid-template-columns: 1fr; } } .calc-chart { margin: 1rem 0; text-align: center; } .calc-chart svg { max-width: 100%; height: auto; } .calc-chart-legend { display: flex; flex-wrap: wrap; justify-content: center; gap: 0.6rem 1.2rem; margin-top: 0.6rem; font-size: 0.8rem; color: #555; } .calc-chart-legend span { display: inline-flex; align-items: center; gap: 0.3rem; } .calc-chart-legend i { display: inline-block; width: 10px; height: 10px; border-radius: 2px; font-style: normal; } .calc-related { max-width: 640px; margin: 2rem 0 1rem; padding: 1.25rem 1.5rem; background: #f8f9fa; border: 1px solid #e8e8e8; border-radius: 8px; } .calc-related h3 { font-family: Georgia, serif; font-size: 1rem; color: #1a1a1a; margin: 0 0 0.75rem; padding-bottom: 0.4rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-related-list { list-style: none; padding: 0; margin: 0 0 0.75rem; display: grid; grid-template-columns: 1fr 1fr; gap: 0.4rem 1.5rem; } .calc-related-list li a { font-size: 0.88rem; color: var(--ac, #3d5a80); text-decoration: none; } .calc-related-list li a:hover { text-decoration: underline; } .calc-browse-all { margin: 0.5rem 0 0; font-size: 0.9rem; font-weight: 600; } .calc-browse-all a { color: var(--ac, #3d5a80); text-decoration: none; } .calc-browse-all a:hover { text-decoration: underline; } @media (max-width: 720px) { .calc-related-list { grid-template-columns: 1fr; } }

CVE CVSS Score Interpreter & Risk Calculator

Interpret CVSS v3.1 base scores, calculate environmental risk adjustments, estimate patch urgency, and assess organizational exposure for any CVE vulnerability.

CVSS v3.1 Base Score (0.0 – 10.0)

Attack Vector

Network (N) Adjacent (A) Local (L) Physical (P)

Attack Complexity

Low (L) High (H)

Privileges Required

None (N) Low (L) High (H) – no scope change High (H) – scope changed

User Interaction

None (N) Required (R)

Scope

Unchanged (U) Changed (C)

Confidentiality Impact

High (H) Low (L) None (N)

Integrity Impact

High (H) Low (L) None (N)

Availability Impact

High (H) Low (L) None (N)

Exploit Code Maturity (Temporal)

Not Defined (X) High (H) Functional (F) Proof-of-Concept (P) Unproven (U)

Remediation Level (Temporal)

Not Defined (X) Unavailable (U) Workaround (W) Temporary Fix (T) Official Fix (O)

Report Confidence (Temporal)

Not Defined (X) Confirmed (C) Reasonable (R) Unknown (U)

Asset Criticality (Environmental)

Critical – Core Infrastructure High – Important Business System Medium – Standard System Low – Non-critical / Dev/Test

Internet Exposure

Directly Internet-Facing DMZ / Partially Exposed Internal Network Only Air-Gapped / Isolated

Number of Affected Systems

Data Sensitivity

PII / PHI / Financial / Regulated Confidential Business Data Internal Use Only Public / Non-sensitive

Calculate Risk

Results will appear here after calculation.

function cveCalc() { // ── Input collection ────────────────────────────────────────────────────── var baseScoreInput = parseFloat(document.getElementById('cve-base-score').value); var AV = parseFloat(document.getElementById('cve-attack-vector').value); var AC = parseFloat(document.getElementById('cve-attack-complexity').value); var PR = parseFloat(document.getElementById('cve-privileges-required').value); var UI = parseFloat(document.getElementById('cve-user-interaction').value); var scope = document.getElementById('cve-scope').value; var C = parseFloat(document.getElementById('cve-confidentiality').value); var I = parseFloat(document.getElementById('cve-integrity').value); var A = parseFloat(document.getElementById('cve-availability').value); var E = parseFloat(document.getElementById('cve-exploit-maturity').value); var RL = parseFloat(document.getElementById('cve-remediation-level').value); var RC = parseFloat(document.getElementById('cve-report-confidence').value); var assetCrit = parseFloat(document.getElementById('cve-asset-criticality').value); var exposure = parseFloat(document.getElementById('cve-exposure').value); var affectedSystems = parseInt(document.getElementById('cve-affected-systems').value); var dataSens = parseFloat(document.getElementById('cve-data-sensitivity').value);

// ── Input validation ────────────────────────────────────────────────────── var errors = []; if (isNaN(baseScoreInput) || baseScoreInput 10) { errors.push("CVSS Base Score must be between 0.0 and 10.0."); } if (isNaN(affectedSystems) || affectedSystems 0) { document.getElementById('cve-result').innerHTML = '⚠ Errors:' + errors.join('') + ''; return; }

// ── CVSS v3.1 ISCBase ───────────────────────────────────────────────────── // ISCBase = 1 − [(1 − C) × (1 − I) × (1 − A)] var ISCBase = 1 - (1 - C) * (1 - I) * (1 - A);

// ── Impact Sub-Score (ISC) ──────────────────────────────────────────────── var ISC; if (scope === "unchanged") { ISC = 6.42 * ISCBase; } else { // Scope Changed: ISC = 7.52 × [ISCBase − 0.029] − 3.25 × [ISCBase − 0.02]^15 ISC = 7.52 * (ISCBase - 0.029) - 3.25 * Math.pow(ISCBase - 0.02, 15); }

// ── Exploitability Sub-Score (ESC) ──────────────────────────────────────── // ESC = 8.22 × AV × AC × PR × UI var ESC = 8.22 * AV * AC * PR * UI;

// ── CVSS v3.1 Base Score (calculated) ──────────────────────────────────── var calcBaseScore; if (ISC ' + text + ''; }

var html = '### CVE Risk Assessment Results ';

html += ''; html += 'MetricValueRating';

html += 'CVSS v3.1 Base Score (Calculated)' + calcBaseScore.toFixed(1) + ' / 10.0' + badge(severityLabel(calcBaseScore).label, severityLabel(calcBaseScore).color) + ''; html += 'CVSS v3.1 Base Score (Used)' + finalBaseScore.toFixed(1) + ' / 10.0' + badge(baseSev.label, baseSev.color) + ''; html += 'Temporal Score' + temporalScore.toFixed(1) + ' / 10.0' + badge(tempSev.label, tempSev.color) + ''; html += 'Impact Sub-Score (ISC)' + ISC.toFixed(3) + '—'; html += 'Exploitability Sub-Score (ESC)' + ESC.toFixed(3) + '—'; html += 'Organizational Risk Score' + orgRiskDisplay + ' (raw, uncapped)' + badge(orgSev.label, orgSev.color) + ''; html += 'Patch Priority Score' + patchPriority + ' / 100' + badge(patchInfo.label, patchInfo.color) + ''; html += 'Estimated Breach Cost Exposure' + breachFormatted + 'Heuristic estimate'; html += '';

// ── Scope & ISCBase detail ──────────────────────────────────────────────── html += 'Scope: ' + (scope === "changed" ? "Changed – vulnerability affects resources beyond the vulnerable component." : "Unchanged – impact confined to the vulnerable component.") + '

'; html += 'ISCBase: 1 − [(1 − ' + C + ') × (1 − ' + I + ') × (1 − ' + A + ')] = ' + ISCBase.toFixed(4) + '

';

// ── Recommendations ─────────────────────────────────────────────────────── html += '#### Recommended Actions '; if (patchPriority >= 75) { html += '- 🚨 Immediate action required. Isolate affected systems if patching cannot begin within hours.'; html += ''; } else if (patchPriority >= 50) { html += '- ⚠ Urgent patching required within 7 days. Prioritize in next change window.'; html += ''; } else if (patchPriority >= 25) { html += ''; html += ''; } else { html += ''; html += ''; } if (exposure >= 1.3) { html += ''; } if (dataSens >= 1.4) { html += ''; } if (affectedSystems > 100) { html += ''; } html += '';

document.getElementById('cve-result').innerHTML = html; }

#### Formulas Used

CVSS v3.1 ISCBase: ISCBase = 1 − [(1 − C) × (1 − I) × (1 − A)]

Impact Sub-Score (ISC): • Scope Unchanged: ISC = 6.42 × ISCBase • Scope Changed: ISC = 7.52 × (ISCBase − 0.029) − 3.25 × (ISCBase − 0.02)¹⁵

Exploitability Sub-Score (ESC): ESC = 8.22 × AV × AC × PR × UI

CVSS v3.1 Base Score: • Scope Unchanged: BaseScore = Roundup[min(ISC + ESC, 10)] • Scope Changed: BaseScore = Roundup[min(1.08 × (ISC + ESC), 10)] • If ISC ≤ 0: BaseScore = 0 Roundup = ceiling to nearest 0.1

Temporal Score: TemporalScore = Roundup(BaseScore × E × RL × RC)

Organizational Risk Score (Environmental Heuristic): OrgRisk = TemporalScore × AssetCriticality × Exposure × DataSensitivity

Patch Priority Score (0–100): PatchPriority = min[(OrgRisk ÷ 10) × log₁₀(AffectedSystems + 1) × 20, 100]

Estimated Breach Cost Exposure (Heuristic): BreachCost = $50,000 × OrgRisk × log₁₀(AffectedSystems + 1)

#### Assumptions & References

• All CVSS v3.1 metric weights and formulas follow the official FIRST CVSS v3.1 Specification.
• References: NVD (NIST), FIRST CVSS, CISA KEV Catalog, IBM Cost of a Data Breach 2023.

More Calculators

• D&D 5e Monster HP & Stats Calculator
• Payback Period Calculator for Automation Investment
• Labor Cost Savings from Automation Calculator
• Process Automation Efficiency Calculator
• Automation ROI Calculator
• Vehicle Emissions Estimator

• Carpet Area Measurement Calculator

• External Review Eligibility Checker

• Insurance Claim Settlement Estimator
• Subrogation Recovery Estimator
• Bad Faith Insurance Damages Calculator
• National Insurance Credits Eligibility Calculator
• Claim Denial Appeal Deadline Calculator

References

• ANA
• Life Services Authority
• FIRST CVSS v3.1 Specification
• NVD (NIST)
• FIRST CVSS
• CISA KEV Catalog
• IBM Cost of a Data Breach 2023