In the previous sections, we looked at various categories of metrics that are taken into consideration for calculating the final CVSS score. It might appear overwhelming to consider so many values in calculating the score. However, this task is made easy by using the online CVSS calculator. It can be accessed at https://www.first.org/cvss/calculator/3.0.

The online CVSS calculator has got all the required parameters, and you need to select the right ones based on your environment and vulnerability context. Once done, the final score is automatically populated.

The following screenshot shows the CVSS calculator before selecting values for any of the parameters:

Consider a vulnerability that could be remotely exploited over the network, is highly complex to execute, requires high account privileges, and requires some kind of interaction from a target user while the impact on confidentiality, integrity, and availability is low. In such a case, the CVSS score would be 3.9 and rated as Low, as shown in the following screenshot:

Let's consider another vulnerability that could be remotely exploited over the network; however, it is very easy to execute. It requires low or normal account privileges and requires some kind of interaction from the target user, while the impact on confidentiality, integrity, and availability is low. In such a case, the CVSS score would be 5.5 and rated as Medium, as shown in the following screenshot:

Let's consider another vulnerability that could be remotely exploited over the network. However, it is very easy to execute, doesn't require any specific account privileges, and does not require any kind of interaction from the target user. If the vulnerability gets successfully exploited, the impact on confidentiality and integrity would be high while the impact on availability would be low. In such a case, the CVSS score would be 9.4 and rated as Critical, as shown in the following screenshot: