CVE-2024-0259

CVSS V2 None CVSS V3 None

Description

Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.

Overview

CVE ID
CVE-2024-0259

Assigner
Fortra

Vulnerability Status
PUBLISHED

Published Version
2024-03-28T14:31:07.986Z

Last Modified Date
2024-06-06T20:50:22.111Z

Weakness Enumerations

CWE	URL
CWE-276	http://cwe.mitre.org/data/definitions/276.html

References

Reference URL	Reference Tags
https://www.fortra.com/security/advisory/fi-2024-005
https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-0259
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0259

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 10:25:48				Added to TrackCVE