CVE Risk Score Calculator
ANA›Life Services Authority›National Calculator Authority›CVE Risk Score Calculator
.calc-container { max-width: 640px; margin: 2rem 0; padding: 1.5rem; background: #fff; border: 1px solid #ddd; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.06); font-family: system-ui, -apple-system, sans-serif; } .calc-container h3 { font-family: Georgia, serif; font-size: 1.15rem; color: #1a1a1a; margin-bottom: 1rem; padding-bottom: 0.5rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-row { display: flex; align-items: center; gap: 0.75rem; margin-bottom: 0.75rem; flex-wrap: wrap; } .calc-row label { min-width: 160px; font-size: 0.9rem; color: #333; font-weight: 500; } .calc-row input[type="number"], .calc-row select { flex: 1; min-width: 120px; max-width: 200px; padding: 0.5rem 0.6rem; border: 1px solid #ccc; border-radius: 4px; font-size: 0.9rem; font-family: system-ui, sans-serif; color: #1a1a1a; background: #fafaf8; } .calc-row input:focus, .calc-row select:focus { outline: none; border-color: var(--ac, #3d5a80); box-shadow: 0 0 0 2px rgba(26,74,138,0.12); } .calc-row .unit { font-size: 0.82rem; color: #888; min-width: 30px; } .calc-btn { display: inline-block; margin-top: 0.5rem; padding: 0.55rem 1.5rem; background: var(--ac, #3d5a80); color: #fff; border: none; border-radius: 4px; font-size: 0.9rem; font-weight: 600; cursor: pointer; font-family: system-ui, sans-serif; } .calc-btn:hover { opacity: 0.9; } .calc-result { margin-top: 1.25rem; padding: 1rem 1.25rem; background: #f0f6fc; border-left: 3px solid var(--ac, #3d5a80); border-radius: 0 6px 6px 0; display: none; } .calc-result.visible { display: block; } .calc-result-label { font-size: 0.78rem; text-transform: uppercase; letter-spacing: 0.06em; color: #666; margin-bottom: 0.25rem; } .calc-result-value { font-size: 1.6rem; font-weight: 700; color: var(--ac, #3d5a80); } .calc-result-detail { font-size: 0.85rem; color: #555; margin-top: 0.5rem; line-height: 1.5; } .calc-note { margin-top: 1rem; font-size: 0.8rem; color: #888; font-style: italic; } .calc-grid { display: grid; grid-template-columns: 1fr 1fr; gap: 0.75rem; margin-top: 0.75rem; } .calc-grid-item { padding: 0.6rem 0.8rem; background: #f8f9fa; border-radius: 4px; border: 1px solid #eee; } .calc-grid-item .label { font-size: 0.75rem; color: #888; text-transform: uppercase; letter-spacing: 0.04em; } .calc-grid-item .value { font-size: 1.1rem; font-weight: 600; color: #1a1a1a; } @media (max-width: 720px) { .calc-row { flex-direction: column; align-items: flex-start; gap: 0.3rem; } .calc-row label { min-width: auto; } .calc-row input[type="number"], .calc-row select { max-width: 100%; width: 100%; } .calc-grid { grid-template-columns: 1fr; } } .calc-chart { margin: 1rem 0; text-align: center; } .calc-chart svg { max-width: 100%; height: auto; } .calc-chart-legend { display: flex; flex-wrap: wrap; justify-content: center; gap: 0.6rem 1.2rem; margin-top: 0.6rem; font-size: 0.8rem; color: #555; } .calc-chart-legend span { display: inline-flex; align-items: center; gap: 0.3rem; } .calc-chart-legend i { display: inline-block; width: 10px; height: 10px; border-radius: 2px; font-style: normal; } .calc-related { max-width: 640px; margin: 2rem 0 1rem; padding: 1.25rem 1.5rem; background: #f8f9fa; border: 1px solid #e8e8e8; border-radius: 8px; } .calc-related h3 { font-family: Georgia, serif; font-size: 1rem; color: #1a1a1a; margin: 0 0 0.75rem; padding-bottom: 0.4rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-related-list { list-style: none; padding: 0; margin: 0 0 0.75rem; display: grid; grid-template-columns: 1fr 1fr; gap: 0.4rem 1.5rem; } .calc-related-list li a { font-size: 0.88rem; color: var(--ac, #3d5a80); text-decoration: none; } .calc-related-list li a:hover { text-decoration: underline; } .calc-browse-all { margin: 0.5rem 0 0; font-size: 0.9rem; font-weight: 600; } .calc-browse-all a { color: var(--ac, #3d5a80); text-decoration: none; } .calc-browse-all a:hover { text-decoration: underline; } @media (max-width: 720px) { .calc-related-list { grid-template-columns: 1fr; } }
CVE Risk Score Calculator
Calculates a composite CVE risk score combining CVSS v3.1 base score components, asset criticality, and environmental exposure to produce a prioritized risk score (0–100).
### CVSS v3.1 Base Metrics
Attack Vector (AV)
Network (N) Adjacent (A) Local (L) Physical (P)
Attack Complexity (AC)
Low (L) High (H)
Privileges Required (PR)
None (N) Low (L) High (H)
User Interaction (UI)
None (N) Required (R)
Scope (S)
Unchanged (U) Changed (C)
Confidentiality Impact (C)
High (H) Low (L) None (N)
Integrity Impact (I)
High (H) Low (L) None (N)
Availability Impact (A)
High (H) Low (L) None (N)
### Environmental & Asset Factors
Asset Criticality (1–10)
Exploit Code Maturity
High / Functional (H) Proof-of-Concept (P) Unproven (U) Not Defined (X)
Remediation Level
Unavailable (U) Workaround (W) Temporary Fix (T) Official Fix (O)
Report Confidence
Confirmed (C) Reasonable (R) Unknown (U)
Network Exposure (%)
Calculate Risk Score Risk score will appear here.
function updatePR() { // PR numeric values depend on Scope per CVSS 3.1 spec var scope = document.getElementById("cve-scope").value; var pr = document.getElementById("cve-privileges-required").value; // values stored as strings; resolved in calc }
function getPRValue() { var scope = document.getElementById("cve-scope").value; var pr = document.getElementById("cve-privileges-required").value; if (scope === "unchanged") { if (pr === "none") return 0.85; if (pr === "low") return 0.62; if (pr === "high") return 0.27; } else { // changed if (pr === "none") return 0.85; if (pr === "low") return 0.68; if (pr === "high") return 0.50; } return 0.85; }
function calcCVE() { var errEl = document.getElementById("cve-result");
// --- Read inputs --- var AV = parseFloat(document.getElementById("cve-attack-vector").value); var AC = parseFloat(document.getElementById("cve-attack-complexity").value); var PR = getPRValue(); var UI = parseFloat(document.getElementById("cve-user-interaction").value); var scope = document.getElementById("cve-scope").value;
var C = parseFloat(document.getElementById("cve-confidentiality").value); var I = parseFloat(document.getElementById("cve-integrity").value); var A = parseFloat(document.getElementById("cve-availability").value);
var assetCrit = parseFloat(document.getElementById("cve-asset-criticality").value); var EM = parseFloat(document.getElementById("cve-exploit-maturity").value); var RL = parseFloat(document.getElementById("cve-remediation-level").value); var RC = parseFloat(document.getElementById("cve-report-confidence").value); var exp = parseFloat(document.getElementById("cve-exposure").value);
// --- Validation --- if (isNaN(assetCrit) || assetCrit 10) { errEl.innerHTML = "Asset Criticality must be between 1 and 10."; return; } if (isNaN(exp) || exp 100) { errEl.innerHTML = "Network Exposure must be between 0 and 100."; return; }
// --- CVSS v3.1 Base Score --- // ISCBase = 1 - (1-C)(1-I)(1-A) var ISCBase = 1 - (1 - C) * (1 - I) * (1 - A);
var ISS; // Impact Sub-Score if (scope === "unchanged") { ISS = 6.42 * ISCBase; } else { ISS = 7.52 * (ISCBase - 0.029) - 3.25 * Math.pow(ISCBase - 0.02, 15); }
// Exploitability Sub-Score var ESS = 8.22 * AV * AC * PR * UI;
var baseScore; if (ISCBase = 70) { severity = "Critical"; color = "#c0392b"; } else if (riskScore >= 50) { severity = "High"; color = "#e67e22"; } else if (riskScore >= 30) { severity = "Medium"; color = "#f1c40f"; } else if (riskScore > 0) { severity = "Low"; color = "#27ae60"; } else { severity = "Informational"; color = "#2980b9"; }
errEl.innerHTML = "CVSS Base Score: " + baseScore.toFixed(1) + " / 10" + "Temporal Score: " + temporalScore.toFixed(1) + " / 10" + "Composite Risk Score: " + riskScore.toFixed(1) + " / 100" + "Severity: " + severity + "" + "ISC Base: " + ISCBase.toFixed(4) + " | ISS: " + ISS.toFixed(4) + " | ESS: " + ESS.toFixed(4) + ""; }
#### Formulas
1. Impact Sub-Score (ISS): ISCBase = 1 − (1−C)(1−I)(1−A) If Scope = Unchanged: ISS = 6.42 × ISCBase If Scope = Changed: ISS = 7.52 × [ISCBase − 0.029] − 3.25 × [ISCBase − 0.02]15
2. Exploitability Sub-Score (ESS): ESS = 8.22 × AV × AC × PR × UI
3. CVSS Base Score: If ISCBase ≤ 0: BaseScore = 0 If Scope = Unchanged: BaseScore = Roundup(min(ISS + ESS, 10)) If Scope = Changed: BaseScore = Roundup(min(1.08 × (ISS + ESS), 10))
4. Temporal Score: TemporalScore = Roundup(BaseScore × ExploitMaturity × RemediationLevel × ReportConfidence)
5. Composite Risk Score (0–100): RiskScore = (TemporalScore / 10) × (AssetCriticality / 10) × (Exposure / 100) × 100
Severity Bands: Critical ≥ 70 | High ≥ 50 | Medium ≥ 30 | Low > 0 | Informational = 0
#### Assumptions & References
- Reference: FIRST CVSS v3.1 Specification — https://www.first.org/cvss/v3.1/specification-document
- Reference: NVD CVSS Calculator — https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
More Calculators
- Tempered vs Laminated Glass U-Value Calculator
- Auto Glass Repair vs Replace Decision Calculator
- Home Insulation R-Value Calculator
- Phishing Risk Exposure Calculator
- Home Inspection Checklist Score Calculator
- VPN Speed & Privacy Tradeoff Calculator
- Home Network Risk Assessment Calculator
- NH Contractor Insurance Cost Estimator
- New Jersey Home Improvement Contract Value Threshold Checker
- NH Contractor Bond Amount Calculator
- New Jersey Contractor License Fee Calculator
- New Hampshire Sales Tax Calculator for Construction Materials
Read Next
Study Time Planner Authority Network America › Life Services Authority › National Calculator Authority .calc-container { max-width: 640px;...