PT-2024-15419 · Fortra · Robot Schedule Enterprise Agent
Travis Dotseth · Published 2024-03-28 · Updated 2024-04-10 · CVE-2024-0259
CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Fortra's Robot Schedule Enterprise Agent for Windows versions prior to 3.04
Description
The issue allows a low-privileged user to overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, enabling a low-privileged user to gain elevated privileges.
Recommendations
For versions prior to 3.04, update to version 3.04 or later to resolve the issue. As a temporary workaround, consider restricting access to the service executable to prevent low-privileged users from overwriting it.
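To verify the workaround, or to confirm the state after updating, the following added example (not Fortra's code and not part of the original advisory) lists non-administrative principals that hold write-class rights on a service's executable or its directory. The service name is a placeholder assumption; the advisory does not give the actual service name or install path.

```powershell
# Added example (not vendor code): list non-administrative principals that can
# modify or replace a service's executable. The service name is a placeholder.
param([string]$ServiceName = '<AGENT_SERVICE_NAME>')  # assumption: supply the real name

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found" }

# PathName may be quoted and may carry arguments; extract the executable path.
if ($svc.PathName -match '^\s*"([^"]+)"' -or $svc.PathName -match '^\s*(.+?\.exe)') {
    $exe = $Matches[1]
} else { throw "Cannot parse executable path from: $($svc.PathName)" }

# Rights that allow overwriting, deleting or re-permissioning, plus the
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask = [int]$rights -bor 0x40000000 -bor 0x10000000

# Principals expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Check the binary and its parent directory (directory write also permits replacement).
$findings = foreach ($target in $exe, (Split-Path $exe -Parent)) {
    foreach ($ace in (Get-Acl -LiteralPath $target).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs do not apply to the object itself.
        if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = $ace.IdentityReference.Value }
        if ($sid -in $trusted) { continue }
        [pscustomobject]@{
            Path      = $target
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { "No non-administrative write access found on $exe or its directory." }
```

Any row in the output is a principal outside SYSTEM, Administrators and TrustedInstaller that could replace the binary. The file owner's implicit right to change the ACL is not reflected in the access list, so check ownership separately.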
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Robot Schedule Enterprise Agent