Lucene search

FortraCVELIST:CVE-2024-0259

HistoryMar 28, 2024 - 2:31 p.m.

CVE-2024-0259 Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04

2024-03-2814:31:07

CWE-276

Fortra

www.cve.org

cve-2024-0259

fortra's robot schedule

windows

privilege escalation

version 3.04

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Fortra’s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Robot Schedule Enterprise Agent",
    "vendor": "Fortra",
    "versions": [
      {
        "lessThan": "3.04",
        "status": "affected",
        "version": "2.0",
        "versionType": "semver"
      }
    ]
  }
]

References

hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm

www.fortra.com/security/advisory/fi-2024-005

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-0259