Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


The Common Vulnerability Scoring System (CVSS) score of attack is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threats.

Scores range from 0 to 10, with 10 being the most severe. While mostly CVSS base score is used for determining severity, temporal and environmental scores, to factor in availability of mitigations and how widespread vulnerable systems are within an organization.

The CVSS assessment measures three areas of concern:

  • Base Metrics for qualities intrinsic to a vulnerability.

  • Temporal Metrics for characteristics that evolve over the lifetime of vulnerability.

  • Environmental Metrics for vulnerabilities that depend on a particular implementation or environment.

A numerical score is generated for each of these metric groups.


greater-than value

Match when CVSS score is greater than the value specified. The value is a real number and can include decimal values. For example, the value 5.5 is a valid CVSS score.

  • Range: 0 to 10

less-than value

Match when CVSS score is less than the value specified.

  • Range: 0 to 10

Required Privilege Level


Release Information

Statement introduced in Junos OS Release 18.2R1.