The CVSS Attack Complexity metric captures measurable actions that must be taken by the attacker to actively evade or
circumvent existing built-in security-enhancing conditions in order to obtain a working exploit.
Full details about this metric and its possible values at [https://www.first.org/cvss/v3-1/specification-document](https://www.first.org/cvss/v3-1/specification-document).