- Description
- Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor's files. By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely. This issue is fixed in version 0.73.3.
- Source
- cve@rapid7.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:L/U:Red
- Severity
- HIGH
- cve@rapid7.com
- CWE-552
- Hype score
- Not currently trending
A few weeks ago, Rapid7 released a new version of #Velociraptor to patch CVE-2024-10526, a local privilege escalation discovered by @__jbms__. You can read the advisory here: https://t.co/ijOWeO32UC
@Synacktiv
22 Nov 2024
2858 Impressions
15 Retweets
51 Likes
13 Bookmarks
0 Replies
0 Quotes
CVE-2024-10526 Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BU… https://t.co/EQk0Qad19J
@CVEnew
7 Nov 2024
591 Impressions
2 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
[CVE-2024-10526: HIGH] Vulnerability alert: Rapid7 Velociraptor MSI Installer <0.73.3 grants WRITE_DACL to BUILTIN\\Users, allowing non-admin local users to execute malicious code. Update to version 0.73.3 for fix.#cybersecurity,#vulnerability https://t.co/fpyqRwdH6G https://t
@CveFindCom
7 Nov 2024
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes