Which of the following CVE metrics would be most accurate for this zero-day threat?

A recent zero-day vulnerability is being actively exploited, requires no user interaction or privilege escalation, and has a significant impact to confidentiality and integrity but not to availability.

Which of the following CVE metrics would be most accurate for this zero-day threat?
A . CVSS: 31/AV: N/AC: L/PR: N/UI: N/S: U/C: H/1: K/A: L
B . CVSS:31/AV:K/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
C . CVSS:31/AV:N/AC:L/PR:N/UI:H/S:U/C:L/I:N/A:H
D . CVSS:31/AV:L/AC:L/PR:R/UI:R/S:U/C:H/I:L/A:H

View Answer

Answer: A

Explanation:

This answer matches the description of the zero-day threat. The attack vector is network (AV:N), the attack complexity is low (AC:L), no privileges are required (PR:N), no user interaction is required (UI:N), the scope is unchanged (S:U), the confidentiality and integrity impacts are high (C:H/I:H), and the availability impact is low (A:L). Official.

Reference: https://nvd.nist.gov/vuln-metrics/cvss