CVSS Score 6

Author: martindg

trainingportal/qna.js

@@ -255,6 +255,10 @@ let cvss_8_score_5 = () => {
   return {"digest": getDigest("CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N")};
 }
 
+let cvss_9_score_6 = () => {
+  return {"digest": getDigest("CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N")};
+}
+
 const DEFS = {
   "crypto_caesar": caesarEnc,
   "crypto_vigenere": vigenereEnc,
@@ -269,7 +273,8 @@ const DEFS = {
   "cvss_5_chain": cvss_5_chain,
   "cvss_6_score_3": cvss_6_score_3,
   "cvss_7_score_4": cvss_7_score_4,
-  "cvss_8_score_5": cvss_8_score_5
+  "cvss_8_score_5": cvss_8_score_5,
+  "cvss_9_score_6": cvss_9_score_6
 }
 
 module.exports = {

trainingportal/static/lessons/cvss/cvss_9_score_6.md

@@ -0,0 +1,21 @@
+### Task
+
+Score the following scenario using the CVSS v4.0 calculator [https://www.first.org/cvss/calculator/4-0](https://www.first.org/cvss/calculator/4-0).
+
+<br><br>
+
+### Scenario
+
+The company "PCGamingCompany.insecure.example" offers computer games to its customers. The service offers an easy sign up for new customers.
+
+From a technical standpoint, they have a web client and a desktop client. In order for customers to play games, they have to download the desktop client and log into their account.
+
+<br><br>
+
+#### Vulnerability
+
+A Local Privilege Escalation (LPE) vulnerability was identified in the desktop client. A low-privileged attacker on the machine can trick the gaming client into overwriting any file on the filesystem with attacker provided content by preparing a specially crafted symbolic link.
+
+The attack works by leveraging the upgrade process which uses unsecured temporary folder for storing upgrade files. The desktop client will overwrite any file as a privileged user. As a result, the attacker can become a privileged user on the machine.
+
+<br><br>

trainingportal/static/lessons/cvss/cvss_9_score_6.sol.md

@@ -0,0 +1,26 @@
+High-level analysis:
+
+- Prerequisites:
+    - The attacker needs to have a local access as a low-privileg user on the system they want to gain privileges on
+- Impact:
+    - Complete compromise of the system where the gaming desktop client is installed
+        - **NOTE**: There is no change of scope here from a Vulnerable System to a Subsequent System.
+            - This case is covered in the [CVSS User Guide](https://www.first.org/cvss/v4-0/user-guide#Vulnerable-System-and-Subsequent-System) (PDF reader example).
+            - The gaming desktop client does not have its own local Authorization and Authentication functionality.
+            - However, the product makes the customer insecure as it provides an LPE attack surface.
+
+---
+
+CVSS:
+
+- Attack Vector(AV): Local (L)
+- Attack Complexity (AC): Low (L)
+- Attack Requirements (AT): None (N)
+- Privileges Required (PR): Low (L)
+- User Interaction (UI): None (N)
+- Vulnerable System Confidentiality(VC): High (H)
+- Vulnerable System Integrity (VI): High (H)
+- Vulnerable System Availability (VA): High (H)
+- Subsequent System Confidentiality (SC): None (N)
+- Subsequent System Integrity (SI): None (N)
+- Subsequent System Availability (SA): None (N)

trainingportal/static/lessons/cvss/definitions.json

@@ -112,6 +112,15 @@
                 "type":"quiz",
                 "mission":"Enter the CVSS v4 string (Base Score)",
                 "codeBlockIds":[]
+            },
+            {
+                "id":"cvss_9_score_6",
+                "name":"Score Vulnerability 6",
+                "description": "cvss_9_score_6.md",
+                "solution": "cvss_9_score_6.sol.md",
+                "type":"quiz",
+                "mission":"Enter the CVSS v4 string (Base Score)",
+                "codeBlockIds":[]
             }
         ]
     }