Attack models and attack graphs are efficient tools to describe and analyse attack scenarios aimed at computer networks. More precisely, attack graphs give all possible scenarios for an attacker to reach a certain goal, exploiting vulnerabilities of the targeted network. Nevertheless they give no information about the damages induced by these attacks, nor about the probability of exploitation of these scenarios. In this paper, we propose to combine attack graphs and CVSS framework, in order to add damage and exploitability probability information. Then, we define a notion of risk for each attack scenario, which is based on quantitative information added to attack graphs.