Overview
- Description
- Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor's files. By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely. This issue is fixed in version 0.73.3.
- Source
- cve@rapid7.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:L/U:Red
- Severity
- HIGH
Weaknesses
- cve@rapid7.com
- CWE-552
Social media
- Hype score
- Not currently trending
CVE-2024-10526 Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BU… https://t.co/EQk0Qad19J
@CVEnew
7 Nov 2024
591 Impressions
2 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
[CVE-2024-10526: HIGH] Vulnerability alert: Rapid7 Velociraptor MSI Installer <0.73.3 grants WRITE_DACL to BUILTIN\\Users, allowing non-admin local users to execute malicious code. Update to version 0.73.3 for fix.#cybersecurity,#vulnerability https://t.co/fpyqRwdH6G https://t
@CveFindCom
7 Nov 2024
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes