Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories



Article ID: KB16446 KB Last Updated: 09 Jul 2019Version: 5.0

How does the Juniper Networks Security Incident Response Team (Juniper SIRT) use the Common Vulnerability Scoring System (CVSS)?

The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity, as well as a textual representation of that score. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

CVSS provides standardized vulnerability scores. When an organization uses a common algorithm for scoring vulnerabilities across all IT platforms, it can leverage a single vulnerability management policy defining the maximum allowable time to validate and remediate a given vulnerability. As an open framework, the individual characteristics used to derive a score based on standardized metrics are transparent.

Juniper Networks uses CVSS for all reported vulnerabilities. The CVSS Base Score is used to gauge the severity and set priorities for the fix and remediation. Customers can use the Base Score to perform a full CVSS assessment (see the CVSS Guide below). The total CVSS Score will provide customers with a more precise understanding of the vulnerability's severity as it relates to their specific network.

In June 2019, the CVSS Special Interest Group (SIG), of which Juniper Networks is an actively participating member, published version 3.1 of the CVSS specification. CVSS v3.1 is quickly gaining worldwide adoption, and beginning in July 2019, the Juniper SIRT is publishing CVSS v3.1 Base Scores for all Juniper Security Advisories going forward. Refer to Changes in CVSS v3.1 in the CVSS v3.1 User Guide for more information about the improvements to the CVSS specification found in version 3.1.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search