Terms

reflects the complexity of the attack required to exploit the software feature misuse vulnerability.

reflects the access required to exploit the vulnerability.

An attack on a secure communication protocol where the attacker transmits data to the claimant, Credential Service Provider (CSP), verifier, or Relying Party (RP). Examples of active attacks include man in the middle (MitM), impersonation, and session hijacking.

Adversaries may obtain access to generative artificial intelligence tools, such as large language models (LLMs), to aid various techniques during targeting. These tools may be used to inform, bolster, and enable a variety of malicious tasks, including conducting Reconnaissance, creating basic scripts, assisting social engineering, and even developing payloads.(Citation: MSFT AI)