CVE-2024-10526— Rapid7 Velociraptor Local Privilege Escalation In Windows Velociraptor Service
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-10526
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rapid7 Velociraptor Local Privilege Escalation In Windows Velociraptor Service
Source: NVD (National Vulnerability Database)
Vulnerability Description
Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor's files. By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely. This issue is fixed in version 0.73.3.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对外部实体的文件或目录可访问
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rapid7 Velociraptor MSI Installer 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rapid7 Velociraptor MSI Installer是美国Rapid7公司的一个独特、先进的开源端点监控、数字取证和网络响应平台。 Rapid7 Velociraptor MSI Installer 0.73.3之前版本存在安全漏洞,该漏洞源于通过创建具有BUILTIN\Users组WRITE_DACL权限的安装目录,导致以SYSTEM用户身份执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Rapid7 | Velociraptor | <0.73.2 | - |
II. Public POCs for CVE-2024-10526
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-10526
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: Velociraptor
- CVE-2026-6863
HTTP Filestore Endpoints Misapply Permissions Across Organiz - CVE-2026-7572
Velociraptor EVTX Parser — Process Crash via Crafted .evtx F - CVE-2026-7573
GetUserRoles API endpoint allows any authenticated user to e - CVE-2026-6948
Unbounded Memory Allocation in VQLResponse Result-Set Writer - CVE-2026-6290
Velociraptor Query() Plugin Misapplies Permissions To Orgs
Same vendor: Rapid7
- CVE-2026-6863
HTTP Filestore Endpoints Misapply Permissions Across Organiz - CVE-2026-6948
Unbounded Memory Allocation in VQLResponse Result-Set Writer - CVE-2026-6482
Local Privilege Escalation via OpenSSL configuration file in - CVE-2026-6290
Velociraptor Query() Plugin Misapplies Permissions To Orgs - CVE-2026-4482
Insight Agent Private Key Information Disclosure via Inherit
Same weakness: CWE-552
- CVE-2025-7389
Unauthorized Arbitrary File Read via RMI in AdminServer Inte - CVE-2019-25709
CF Image Hosting Script 1.6.5 Unauthorized Database Access - CVE-2026-33698
Chamilo LMS affected by unauthenticated RCE in main/install - CVE-2021-47960
Synology SSL VPN Client 安全漏洞 - CVE-2026-35446
LORIS has a path traversal in FilesDownloadHandler
V. Comments for CVE-2024-10526
No comments yet