Cyber Resilience

CVE-2024-10526

Severity: High · Type: LPE (local privilege escalation)

Published: 07 November 2024
Modified: 15 April 2026
KEV added: not listed
Patch: fixed in Velociraptor 0.73.3

CVSS v4.0 score: 8.6 (High)
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:L/U:Red
EPSS score: 0.0002 (6.5th percentile)
Risk priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-10526 is a high-severity local privilege escalation in the Rapid7 Velociraptor MSI installer, classified under CWE-552 (Files or Directories Accessible to External Parties); the weak directory DACL it creates also matches CWE-732 (Incorrect Permission Assignment for Critical Resource). Its CVSS v4.0 base score is 8.6 (High).

Operationally, its EPSS score places it at the 6.5th percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog. The low EPSS reflects that exploitation requires local, authenticated access; on a host where untrusted users can log on, the impact is still full SYSTEM compromise.

Vulnerability details

Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor's files. By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely. This issue is fixed in version 0.73.3.

WRITE_DACL is the right to rewrite an object's discretionary ACL, so a member of Users does not need write access to begin with: they first add an ACE granting themselves Full Control, then overwrite or replace the service binary, and the next time the service starts it runs their code as SYSTEM. Upgrading the installer to 0.73.3 is the fix; hosts installed with an earlier MSI keep the weak DACL until it is corrected.
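The check a defender wants here, as an added example that is not Rapid7's code and not part of the original advisory: a PowerShell script that locates the install directory from the service's binary path (the service name "Velociraptor" and the default path under Program Files are assumptions, overridable with -Path) and lists every ACE that grants BUILTIN\Users or another low-privilege principal write, WRITE_DACL (ChangePermissions in the .NET enum) or WRITE_OWNER rights on the directory or anything beneath it. With -Remediate it replaces such explicit ACEs with read-and-execute as an interim measure until the host is reinstalled with 0.73.3 or later.

```powershell
<#
  Audit the Velociraptor install directory for the weak DACL described in CVE-2024-10526.
  Added example, not Rapid7 code. Assumptions (hypothetical, adjust to your deployment):
    - the Windows service is named "Velociraptor";
    - if the service cannot be found, -Path must be supplied.
  Run from an elevated PowerShell prompt.
#>
[CmdletBinding()]
param(
    [string]$ServiceName = 'Velociraptor',   # assumed default service name
    [string]$Path,                           # override when the service cannot be located
    [switch]$Remediate                       # strip offending explicit ACEs (interim; upgrading is the fix)
)

$FSR = [System.Security.AccessControl.FileSystemRights]
# Rights that let a principal rewrite the DACL, take ownership, or change the files the service loads.
$dangerous = [int]($FSR::ChangePermissions -bor $FSR::TakeOwnership -bor $FSR::WriteData -bor
                   $FSR::AppendData -bor $FSR::Delete -bor $FSR::DeleteSubdirectoriesAndFiles)

# Low-privilege principals that must never hold those rights on a SYSTEM service's binaries.
$lowPriv = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone', 'NT AUTHORITY\INTERACTIVE')

if (-not $Path) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "Service '$ServiceName' not found; pass -Path explicitly." }
    # PathName is typically a quoted exe followed by arguments; keep only the exe's directory.
    $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($svc.PathName -split ' ')[0] }
    $Path = Split-Path -Parent $exe
}

$findings = @()
# Check the directory itself and everything beneath it: one writable file the service loads is enough.
$items = @(Get-Item -LiteralPath $Path) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPriv -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $dangerous) -eq 0) { continue }

        $findings += [pscustomobject]@{
            Path      = $item.FullName
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }

        if ($Remediate -and -not $ace.IsInherited) {
            # Replace the weak explicit ACE with ReadAndExecute so ordinary users can still run the client.
            $acl.RemoveAccessRule($ace) | Out-Null
            $ro = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $ace.IdentityReference, 'ReadAndExecute',
                $ace.InheritanceFlags, $ace.PropagationFlags, 'Allow')
            $acl.AddAccessRule($ro)
            Set-Acl -LiteralPath $item.FullName -AclObject $acl
        }
    }
}

if ($findings) {
    Write-Warning "Weak DACL entries found under $Path (CVE-2024-10526 exposure):"
    $findings | Format-Table -AutoSize
} else {
    Write-Host "No low-privilege principal holds write or WRITE_DACL rights under $Path."
}
```

Inherited ACEs are reported but not rewritten, since they come from the parent and should be fixed there. To cross-check a single entry, `icacls "<install dir>"` shows WRITE_DACL as WDAC and WRITE_OWNER as WO in its rights abbreviations; a `BUILTIN\Users:(WDAC)` or `BUILTIN\Users:(F)` line on a directory holding a SYSTEM service's binary is the condition this CVE describes.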

CWE(s)

CWE-552: Files or Directories Accessible to External Parties
CWE-732: Incorrect Permission Assignment for Critical Resource

Related Threats

No named actor attribution yet; ATT&CK technique mapping for this CVE is in progress.

Affected Assets

Rapid7 Velociraptor MSI Installer, versions below 0.73.3 (inferred from the references and description; NVD did not file a CPE for this CVE). Hosts provisioned with an affected MSI retain the weak directory DACL until it is corrected, regardless of the Velociraptor client version running on them.

Mitigating Controls

Likely mitigating controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWE-552, CWE-732) cited in the NVD entry, and most entries concern backup, media, physical and contingency-planning controls rather than this installer defect. The control that actually applies is correct file-system permission assignment (CWE-732) on the service's install directory, which the 0.73.3 installer provides.

Each item addresses CWE-552 and CWE-732:

- Identifying and documenting file and directory locations allows restriction of access to external parties.
- Protecting backup availability and integrity requires correct permission assignments on critical backup resources.
- Restricting media access ensures correct permission assignments for this critical resource.
- Employing and evaluating controls at documented alternate sites makes files and directories less likely to be accessible to external parties through physical or environmental weaknesses.
- Mandates securing keys/combinations, periodic inventory, and rotation on compromise or personnel changes to correct improper physical permission assignments.
- Treating the plan as a critical resource and requiring it to be protected from unauthorized modification or disclosure drives correct permission assignment.
- Categorization results dictate which files and directories must be restricted, making unauthorized external access less likely.
- Prevents public exposure of files or directories that should not be reachable by unauthenticated parties.
