Default Asset Score Calculation
Asset scores in Cisco Vulnerability Management are based on the highest vulnerability that exists on the asset and range from 0 to 1000. All Assets added to Cisco Vulnerability Management default to a Priority score of 10. The high vulnerability score is multiplied by the Asset Priority to calculate the Default Asset Score.
| Highest Vuln Score | X | Asset Priority | = | Default Asset Score |
| 100 | X | 10 | = | 1000 |
| 80 | X | 10 | = | 800 |
| 100 | X | 7 | = | 700 |
| 70 | X | 6 | = | 420 |
Internal vs External IP Enhanced Scoring
External facing assets represent a higher risk and therefore will receiving a "bump" in scoring if detected in Cisco Vulnerability Management. Assumptions regarding IP network location are based purely on the address itself with 10.*, 172.16.0.0 - 172.31.255.255 and 192.168.* addresses assumed to be internal. IP addresses that appear to be externally routable will have an additional 200 points added to their Default Asset Score with a maximum asset score of 1000.
| Highest Vuln Score | X | Asset Priority | = | Default Asset Score | External IP? | + | Final Asset Score |
| 100 | X | 10 | = | 1000 |
yes |
200 | 1000 |
| 80 | X | 10 | = | 800 | no | 0 | 800 |
| 100 | X | 7 | = | 700 | yes | 200 | 900 |
| 70 | X | 6 | = | 420 | yes | 200 | 620 |
Comments
Please sign in to leave a comment.