Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Robot Schedule Enterprise Agent by Fortra
CVE-2024-0259 (GCVE-0-2024-0259)
Vulnerability from nvd – Published: 2024-03-28 14:31 – Updated: 2024-08-01 17:41
VLAI?
Title
Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04
Summary
Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
Severity ?
7.3 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortra | Robot Schedule Enterprise Agent |
Affected:
2.0 , < 3.04
(semver)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortra:robot_schedule_enterprise_agent:2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robot_schedule_enterprise_agent",
"vendor": "fortra",
"versions": [
{
"lessThan": "3.04",
"status": "affected",
"version": "2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T15:55:02.721553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T20:50:22.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fortra.com/security/advisory/fi-2024-005"
},
{
"tags": [
"x_transferred"
],
"url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Robot Schedule Enterprise Agent",
"vendor": "Fortra",
"versions": [
{
"lessThan": "3.04",
"status": "affected",
"version": "2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Travis Dotseth, Prime Therapeutics"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fortra\u0027s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Fortra\u0027s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-28T14:31:07.986Z",
"orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"shortName": "Fortra"
},
"references": [
{
"url": "https://www.fortra.com/security/advisory/fi-2024-005"
},
{
"url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade Robot Schedule Enterprise agents for Windows to version 3.04 or higher."
}
],
"value": "Upgrade Robot Schedule Enterprise agents for Windows to version 3.04 or higher."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"assignerShortName": "Fortra",
"cveId": "CVE-2024-0259",
"datePublished": "2024-03-28T14:31:07.986Z",
"dateReserved": "2024-01-05T23:59:37.995Z",
"dateUpdated": "2024-08-01T17:41:16.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0259 (GCVE-0-2024-0259)
Vulnerability from cvelistv5 – Published: 2024-03-28 14:31 – Updated: 2024-08-01 17:41
VLAI?
Title
Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04
Summary
Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
Severity ?
7.3 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortra | Robot Schedule Enterprise Agent |
Affected:
2.0 , < 3.04
(semver)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortra:robot_schedule_enterprise_agent:2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robot_schedule_enterprise_agent",
"vendor": "fortra",
"versions": [
{
"lessThan": "3.04",
"status": "affected",
"version": "2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T15:55:02.721553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T20:50:22.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fortra.com/security/advisory/fi-2024-005"
},
{
"tags": [
"x_transferred"
],
"url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Robot Schedule Enterprise Agent",
"vendor": "Fortra",
"versions": [
{
"lessThan": "3.04",
"status": "affected",
"version": "2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Travis Dotseth, Prime Therapeutics"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fortra\u0027s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Fortra\u0027s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-28T14:31:07.986Z",
"orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"shortName": "Fortra"
},
"references": [
{
"url": "https://www.fortra.com/security/advisory/fi-2024-005"
},
{
"url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade Robot Schedule Enterprise agents for Windows to version 3.04 or higher."
}
],
"value": "Upgrade Robot Schedule Enterprise agents for Windows to version 3.04 or higher."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"assignerShortName": "Fortra",
"cveId": "CVE-2024-0259",
"datePublished": "2024-03-28T14:31:07.986Z",
"dateReserved": "2024-01-05T23:59:37.995Z",
"dateUpdated": "2024-08-01T17:41:16.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}