Will Dormann on Nostr: CVSS scores make me chuckle sometimes. Remember that "CVSS 9.9" vulnerability in ...
CVSS scores make me chuckle sometimes. Remember that "CVSS 9.9" vulnerability in cups-browsed that turned out to actually be a 5.3?
Though not as egregiously wrong as that one, I'm now noticing CVE-2024-30088, which is getting some attention due to people noticing its exploitation ITW. https://www.bleepingcomputer.com/news/security/oilrig-hackers-now-exploit-windows-flaw-to-elevate-privileges/
"According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition."
What's this race condition mean to people who live in the real world? The 100% reliable exploit takes a split second rather than succeeding instantly?