PT-2024-16343 · Rapid7 · Rapid7 Velociraptor Msi Installer

Jean-Baptiste Mesnard-Sense · Published 2024-11-07 · Updated 2024-11-22 · CVE-2024-10526

CVSS v4.0: 8.6 (High)

Vector: AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:D/RE:L/U:Red

Name of the Vulnerable Software and Affected Versions

Rapid7 Velociraptor MSI Installer versions prior to 0.73.3

Description

The issue arises from the Rapid7 Velociraptor MSI Installer creating the installation directory with WRITE DACL permission to the BUILTIN\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor's files. By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely.

Recommendations

Update to version 0.73.3 to fix the issue. As a temporary workaround, consider restricting access to the installation directory to prevent local users from modifying Velociraptor's files until the update is applied.
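
As an added example (not code from Rapid7 or from this advisory), the PowerShell script below checks a directory for the condition described above: an Allow ACE that lets a broad, non-administrative group rewrite the DACL. `$InstallDir` is a placeholder because the advisory does not state the installation path; the list of SIDs and the inclusion of WRITE_OWNER and GENERIC_ALL alongside WRITE_DAC are assumptions of this example.

```powershell
# Added example: flag ACEs that let broad, non-admin groups rewrite a directory's DACL.
# $InstallDir is a placeholder; the advisory does not give the installation path.
param(
    [Parameter(Mandatory)] [string] $InstallDir
)

# Access-mask bits that allow changing permissions, directly or via ownership.
$WRITE_DAC   = 0x00040000   # FileSystemRights.ChangePermissions
$WRITE_OWNER = 0x00080000   # FileSystemRights.TakeOwnership
$GENERIC_ALL = 0x10000000   # unmapped generic right, seen on some inherit-only ACEs
$riskyMask   = $WRITE_DAC -bor $WRITE_OWNER -bor $GENERIC_ALL

# Well-known SIDs of broad groups (assumed list; extend for your environment).
$broadSids = @{
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
    'S-1-1-0'      = 'Everyone'
}

$acl   = Get-Acl -LiteralPath $InstallDir
# Resolve identities as SIDs so the check does not depend on the OS display language.
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($ace in $rules) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $sid = $ace.IdentityReference.Value
    if (-not $broadSids.ContainsKey($sid)) { continue }
    $mask = [int]$ace.FileSystemRights
    if (($mask -band $riskyMask) -ne 0) {
        [pscustomobject]@{
            Path      = $InstallDir
            Principal = $broadSids[$sid]
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    exit 1   # non-zero so fleet tooling can flag the host
}
Write-Output "No broad-group WRITE_DAC/WRITE_OWNER grants on $InstallDir"
```

The `Inherited` column shows whether a flagged ACE is set on the directory itself or comes from a parent, which determines where the permission has to be corrected.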

Fix

Weakness Enumeration

Incorrect Permission

Files Accessible to External Parties

Related Identifiers

CVE-2024-10526

Affected Products

Rapid7 Velociraptor Msi Installer