CVE-2024-0259

EPSS 0.28%
Veröffentlicht 28.03.2024 15:15:46
Zuletzt bearbeitet 09.04.2025 15:42:22
Quelle df4dee71-de3a-4139-9588-11b62f
CVE-Watchlists
Login
Unerledigt
Login

Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04

Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortra ≫ Robot Schedule SwEditionenterprise Version < 3.04

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.199

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
df4dee71-de3a-4139-9588-11b62fe6c0ff	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm

Release Notes

https://www.fortra.com/security/advisory/fi-2024-005

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0259

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0259

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0259

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-0259