Lucene search

FortraVULNRICHMENT:CVE-2024-0259

HistoryMar 28, 2024 - 2:31 p.m.

CVE-2024-0259 Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04

2024-03-2814:31:07

CWE-276

Fortra

github.com

privilege escalation

robot schedule

windows

cve-2024-0259

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Fortra’s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Robot Schedule Enterprise Agent",
    "vendor": "Fortra",
    "versions": [
      {
        "lessThan": "3.04",
        "status": "affected",
        "version": "2.0",
        "versionType": "semver"
      }
    ]
  }
]

References

hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm

www.fortra.com/security/advisory/fi-2024-005

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for VULNRICHMENT:CVE-2024-0259