cbcvebase.
CVE-2024-10526
published 2024-11-07

CVE-2024-10526: Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to…

PriorityP338high8.6CVSS 4.0
AVLACLATNPRLUIAVCHVIHVAHSCHSIHSAHEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUYRUVDRELURed
EPSS
0.17%
6.1th percentile
Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor's files. By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely. This issue is fixed in version 0.73.3.

Affected

1 ranges
VendorProductVersion rangeFixed in
rapid7velociraptor
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.