# Attack Complexity (MAC)

This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.&#x20;

Such conditions may require the presence of certain system/protocol configuration settings or computational exceptions, as well as time requirements or any other uncontrollable (by the attacker) events' presence for the attack to be successful.&#x20;