Vulnerability Description
Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortra | Robot Schedule | < 3.04 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/Robo (Release Notes)
- https://www.fortra.com/security/advisory/fi-2024-005 (Vendor Advisory)
FAQ
What is CVE-2024-0259?
CVE-2024-0259 is a vulnerability with a CVSS score of 7.3 (HIGH). Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is resta...
How severe is CVE-2024-0259?
CVE-2024-0259 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-0259?
Check the references section above for vendor advisories and patch information. Affected products include Fortra Robot Schedule and Microsoft Windows.