Exploit

An exploit is code or a technique that takes advantage of a vulnerability to cause unintended behavior — gaining unauthorized access, escalating privileges, crashing services, or executing arbitrary commands. A vulnerability is the weakness; an exploit is the mechanism that weaponizes it.

Not all vulnerabilities have working exploits, and not all exploits are publicly known. When exploit code becomes publicly available, patching becomes far more urgent, because attackers can reuse the published code instead of developing their own.

CISSP Relevance

Understanding exploits is essential in Domain 6 (Security Assessment and Testing) for interpreting penetration test results and in Domain 7 (Security Operations) for prioritizing incident response. CISSP candidates must understand how exploit availability affects risk ratings.

External reference: NIST National Vulnerability Database Vulnerability Listings

Related terms: Vulnerability, Penetration Testing