What is an attack on an information system that exploits a particular vulnerability called?

An attack on an information system that exploits a particular vulnerability is termed an exploit. This term specifically refers to a piece of code, a command, or a sequence of commands that takes advantage of a flaw or vulnerability in software or hardware to carry out an unauthorized action, such as gaining access to data or system resources.

Understanding this concept is essential in cybersecurity because identifying and mitigating exploits helps protect systems from unauthorized access and damage. In security assessments, recognizing the specific vulnerabilities that can be exploited is necessary for developing effective defenses.

The other terms do not describe this action as precisely. An intrusion refers to unauthorized access to a system but does not inherently indicate the exploitation of a specific vulnerability. An attack vector denotes the method or pathway used to gain access to a target system but does not specify the exploitation of a particular vulnerability. Phishing describes a social engineering attack aimed at tricking individuals into revealing sensitive information, rather than directly utilizing a system vulnerability.