Let's say that a vulnerability allowed for RCE as the user "nobody". And said platform includes a setuid binary that allows anyone to run programs as root. How would you assign a CVSS score for the RCE?
-
-
This Tweet is unavailable.
-
This Tweet is unavailable.
- 7 more replies
-
-
-
That's why I asked if the setuid binary is considered a vuln or is there by design. But I agree with your broader message: vulns don't live in a vacuum, so vuln scoring that doesn't account for chaining is flawed in that respect.
-
But then again, if we assume that there always exists at least one browser renderer RCE vuln, and always at least one User->System LPE on Windows, should we consider all sandbox escape vulns as a 10? :)
End of conversation
New conversation -
-
-
It's ok for a generic CVSS score like this to be low. It's up to the system builder to release an advisory that explains the problem and provide suitable severity details
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.