Attack Feasibility Rating based on ISO 21434 RQ-15-10.<br/><br/>For each attack path, the attack feasibility rating shall be determined based on the following table:<br/><br/>-High: The attack path can be accomplished utilizing low effort.<br/>-Medium: The attack path can be accomplished utilizing medium effort.<br/>Low: The attack path can be accomplished utilizing high effort.<br/>Very low: The attack path can be accomplished utilizing very high effort.<br/><br/>Based on RC-15-11 the attack feasibility rating method should be defined based on one of the following approaches: <br/>a) attack potential-based approach;<br/>b) CVSS-based approach; or <br/>c) attack vector-based approach. <br/>NOTE 1 Selection of the approach can depend upon the phase in the lifecycle and available information.<br/><br/>Based on RC-15-13, if a CVSS-based approach is used, the attack faeasibility rating should be determined based on the exploitability metrics of the base metrig group, including: <br/>a) attack vector,<br/>b) attack complexity;<br/>c) privlieges required; and<br/>d) user interaction.<br/>