Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Robot Schedule Enterprise Agent by Fortra

    CVE-2024-0259 (GCVE-0-2024-0259)

    Vulnerability from nvd – Published: 2024-03-28 14:31 – Updated: 2024-08-01 17:41
    VLAI
    Title
    Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04
    Summary
    Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Fortra Robot Schedule Enterprise Agent Affected: 2.0 , < 3.04 (semver)
    Create a notification for this product.
    fortra robot_schedule_enterprise_agent Affected: 2.0 , < 3.04 (custom)
        cpe:2.3:a:fortra:robot_schedule_enterprise_agent:2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Travis Dotseth, Prime Therapeutics
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortra:robot_schedule_enterprise_agent:2.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "robot_schedule_enterprise_agent",
                "vendor": "fortra",
                "versions": [
                  {
                    "lessThan": "3.04",
                    "status": "affected",
                    "version": "2.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0259",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-28T15:55:02.721553Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T20:50:22.111Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:16.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.fortra.com/security/advisory/fi-2024-005"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Robot Schedule Enterprise Agent",
              "vendor": "Fortra",
              "versions": [
                {
                  "lessThan": "3.04",
                  "status": "affected",
                  "version": "2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Travis Dotseth, Prime Therapeutics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fortra\u0027s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Fortra\u0027s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-28T14:31:07.986Z",
            "orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
            "shortName": "Fortra"
          },
          "references": [
            {
              "url": "https://www.fortra.com/security/advisory/fi-2024-005"
            },
            {
              "url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade Robot Schedule Enterprise agents for Windows to version 3.04 or higher."
                }
              ],
              "value": "Upgrade Robot Schedule Enterprise agents for Windows to version 3.04 or higher."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
        "assignerShortName": "Fortra",
        "cveId": "CVE-2024-0259",
        "datePublished": "2024-03-28T14:31:07.986Z",
        "dateReserved": "2024-01-05T23:59:37.995Z",
        "dateUpdated": "2024-08-01T17:41:16.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0259 (GCVE-0-2024-0259)

    Vulnerability from cvelistv5 – Published: 2024-03-28 14:31 – Updated: 2024-08-01 17:41
    VLAI
    Title
    Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04
    Summary
    Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Fortra Robot Schedule Enterprise Agent Affected: 2.0 , < 3.04 (semver)
    Create a notification for this product.
    fortra robot_schedule_enterprise_agent Affected: 2.0 , < 3.04 (custom)
        cpe:2.3:a:fortra:robot_schedule_enterprise_agent:2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Travis Dotseth, Prime Therapeutics
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fortra:robot_schedule_enterprise_agent:2.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "robot_schedule_enterprise_agent",
                "vendor": "fortra",
                "versions": [
                  {
                    "lessThan": "3.04",
                    "status": "affected",
                    "version": "2.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0259",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-28T15:55:02.721553Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T20:50:22.111Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:16.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.fortra.com/security/advisory/fi-2024-005"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Robot Schedule Enterprise Agent",
              "vendor": "Fortra",
              "versions": [
                {
                  "lessThan": "3.04",
                  "status": "affected",
                  "version": "2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Travis Dotseth, Prime Therapeutics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fortra\u0027s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Fortra\u0027s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-28T14:31:07.986Z",
            "orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
            "shortName": "Fortra"
          },
          "references": [
            {
              "url": "https://www.fortra.com/security/advisory/fi-2024-005"
            },
            {
              "url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade Robot Schedule Enterprise agents for Windows to version 3.04 or higher."
                }
              ],
              "value": "Upgrade Robot Schedule Enterprise agents for Windows to version 3.04 or higher."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
        "assignerShortName": "Fortra",
        "cveId": "CVE-2024-0259",
        "datePublished": "2024-03-28T14:31:07.986Z",
        "dateReserved": "2024-01-05T23:59:37.995Z",
        "dateUpdated": "2024-08-01T17:41:16.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }