FI-2024-005 - Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04
Severity
Critical
Published Date
28-Mar-2024
Updated Date
28-Mar-2024
Vulnerabilities
CVE-2024-0259
Notes
Description
Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
Vulnerabilities
Acknowledgements
Fortra would like to thank the following individuals:
- Travis Dotseth , Prime Therapeutics