Let's say that a vulnerability allowed for RCE as the user "nobody". And said platform includes a setuid binary that allows anyone to run programs as root. How would you assign a CVSS score for the RCE?
Replying to @wdormann
Two separate vulnerabilities, and I don't think CVSS takes into account the level of privileges you gain, just whether scope has been changed, right?
Replying to @jstnkndy
Right. So in CVSS 3 terms, it's the difference between a 7.3 and an 8.3
5:56 AM - 22 Feb 2020