Severity levels for Amazon Inspector findings
When Amazon Inspector generates a vulnerability finding, it automatically assigns a severity to the finding. A finding's severity reflects the principal characteristics of the finding and can therefore help you assess and prioritize your findings. A finding's severity doesn't imply or otherwise indicate the criticality or importance that an affected resource might have for your organization.
A finding’s severity rating is driven by a numerical score that corresponds to one of the following severity levels: informational, low, medium, high, or critical.
The method by which Amazon Inspector determines the severity differs based on the finding type. See the following sections about to learn more about how Amazon Inspector determines the severity rating for each finding type.
Software package vulnerability severity
Amazon Inspector uses the NVD/CVSS score as the basis of severity scoring for software
package vulnerabilities. The NVD/CVSS score is the vulnerability severity score
published by the NVD and defined by the CVSS. The NVD/CVSS score is a composition of
security metrics, such as attack complexity, exploit code maturity, and privileges
required. Amazon Inspector produces a numerical score from 1 to 10 that reflects the
vulnerability’s severity. Amazon Inspector categorizes this as a base score because it reflects
the severity of a vulnerability according to its intrinsic characteristics, which
are constant over time. This score also assumes the reasonable worst-case impact
across different deployed environments. The CVSS v3
standard
|
Score |
Rating |
| 0 | Informational |
| 0.1–3.9 | Low |
| 4.0–6.9 | Medium |
| 7.0–8.9 | High |
| 9.0–10.0 | Critical |
Package vulnerability findings can also have a severity of Untriaged. This means that the vendor hasn't yet set a vulnerability score for the detected vulnerability. In this case, we recommend using the reference URLs for the finding to research that vulnerability and respond accordingly.
Package vulnerability findings include the following scores and associated scoring vectors as part of their finding details:
-
EPSS score
-
Inspector score
-
CVSS 3.1 from Amazon CVE
-
CVSS 3.1 from NVD
-
CVSS 2.0 from NVD (where applicable)
Code vulnerability severity
For code vulnerability findings Amazon Inspector uses the severity levels defined by the Amazon CodeGuru detectors that generated the finding. Each detector is assigned a severity using the CVSS v3 scoring system. For an explanation of the severities CodeGuru uses see Severity definitions in the CodeGuru guide. For a list of detectors by severity, select from the supported programming languages below:
Network reachability severity
Amazon Inspector determines the severity for a network reachability vulnerability based on the service, ports, and protocols that are exposed and by the type of open path. The following table defines these severity ratings. The value in the Open path rating column represents open paths from virtual gateways, peered VPCs, and AWS Direct Connect networks. All other exposed services, ports, and protocols have an Informational severity rating.
|
Service |
TCP ports |
UDP ports |
Internet path rating |
Open path rating |
| DHCP | 67, 68, 546, 547 | 67, 68, 546, 547 | Medium | Informational |
| Elasticsearch | 9300, 9200 | NA | Medium | Informational |
| FTP | 21 | 21 | High | Medium |
| Global catalog LDAP | 3268 | NA | Medium | Informational |
| Global catalog LDAP over TLS | 3269 | NA | Medium | Informational |
| HTTP | 80 | 80 | Low | Informational |
| HTTPS | 443 | 443 | Low | Informational |
| Kerberos | 88, 464, 543, 544, 749, 751 | 88, 464, 749, 750, 751, 752 | Medium | Informational |
| LDAP | 389 | 389 | Medium | Informational |
| LDAP over TLS | 636 | NA | Medium | Informational |
| MongoDB | 27017, 27018, 27019, 28017 | NA | Medium | Informational |
| MySQL | 3306 | NA | Medium | Informational |
| NetBIOS | 137, 139 | 137, 138 | Medium | Informational |
| NFS | 111, 2049, 4045, 1110 | 111, 2049, 4045, 1110 | Medium | Informational |
| Oracle | 1521, 1630 | NA | Medium | Informational |
| PostgreSQL | 5432 | NA | Medium | Informational |
| Print services | 515 | NA | High | Medium |
| RDP | 3389 | 3389 | Medium | Low |
| RPC | 111, 135, 530 | 111, 135, 530 | Medium | Informational |
| SMB | 445 | 445 | Medium | Informational |
| SSH | 22 | 22 | Medium | Low |
| SQL Server | 1433 | 1434 | Medium | Informational |
| Syslog | 601 | 514 | Medium | Informational |
| Telnet | 23 | 23 | High | Medium |
| WINS | 1512, 42 | 1512, 42 | Medium | Informational |
