This metric describes the conditions beyond the attacker's
control that must exist in order to exploit the vulnerability.
Values:
ATTACK_COMPLEXITY_UNSPECIFIED (0):
Invalid value.
ATTACK_COMPLEXITY_LOW (1):
Specialized access conditions or extenuating
circumstances do not exist. An attacker can
expect repeatable success when attacking the
vulnerable component.
ATTACK_COMPLEXITY_HIGH (2):
A successful attack depends on conditions
beyond the attacker's control. That is, a
successful attack cannot be accomplished at
will, but requires the attacker to invest in
some measurable amount of effort in preparation
or execution against the vulnerable component
before a successful attack can be expected.
