Let's say that a vulnerability allowed for RCE as the user "nobody". And said platform includes a setuid binary that allows anyone to run programs as root. How would you assign a CVSS score for the RCE?
-
I'd say AV:N/AC:L/Au:N/C:C/I:C/A:C Base: 10 Impact: 10
-
That's the gist that I'd like to convey. But a CVSS score is for a vulnerability itself. Not a vulnerability chain. So this is sort of cheating. In the real world, vulnerabilities don't exist in a vacuum.