Wednesday, May 7, 2025

Fortra for Windows Vulnerability Lets Attackers Escalate Privileges


Fortra’s Robot Schedule Enterprise Agent permits a low-privileged user to elevate privileges to the local system level. 

The problem arises from the agent’s failure to adequately secure its service executable, which an attacker can exploit by swapping out the executable for a malicious one.

As a result, the malicious code will run with elevated privileges when the service restarts, allowing unauthorized access to the system.

Versions of Fortra’s Robot Schedule Enterprise Agent for Windows prior to 3.04 contain a vulnerability tracked as CVE-2024-0259 that allows a low-privileged user to overwrite the service executable with their own malicious code and thereby escalate privileges.

The flaw matters because it gives the attacker considerable control over the system.

Upon service restart, the overwritten executable executes with local system privileges, giving the attacker escalated privileges on the system.


Privilege Escalation Vulnerability

An attacker with low privileges can exploit the vulnerability to gain complete control over the system. 

The agent’s service executable is vulnerable to overwriting, which is the source of the vulnerability.

By substituting a malicious executable for the original one, an attacker causes the system to execute their code with the highest level of privileges (local system) when the service restarts, which gives the attacker full access to all of the system’s resources.

Details of the Vulnerability

Fortra’s Robot Schedule Enterprise Agent for Windows is susceptible to privilege escalation in versions before 3.04. This vulnerability enables a user with low privileges to replace the service executable with malicious code.

When the service restarts, the overwritten program runs with local system privileges, giving the attacker elevated access to the compromised system.

This vulnerability, which falls under CWE-276: Incorrect Default Permissions, underscores the significance of establishing suitable access controls for executables. 

Fortra’s Robot Schedule Enterprise Agent for Windows versions before 3.04 were found to have a critical privilege escalation vulnerability (CVE-2024-0259) on December 7th, 2023.

The vulnerability has high exploitability and potential impact, earning it a CVSSv3.1 score of 7.3.

An attacker with low privileges could use it to overwrite a legitimate service executable and then run arbitrary code with system privileges. 

Fortra released version 3.04 on March 20th, 2024, which addresses this vulnerability.

To mitigate the risk, system administrators should update all vulnerable agents to version 3.04 or higher as soon as possible. 
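
Alongside patching, administrators can audit for the underlying CWE-276 condition. The following PowerShell is an added example, not code from Fortra or from the original article: it checks the executable of every installed Windows service (the article does not name the agent's service or path) for ACL entries that let broad, low-privileged groups modify the file. The SID list and the set of rights treated as "write" are assumptions of this example.

```powershell
# Added example: flag service executables that low-privileged groups can modify (CWE-276).
# The SID list and rights mask are this example's assumptions, not values from the advisory.
$lowPrivSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)
# Rights that let a principal replace the file's contents or take control of its ACL.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # PathName may be quoted and may carry arguments; keep only the executable.
    $expanded = [Environment]::ExpandEnvironmentVariables($PathName)
    if ($expanded -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

function Get-WeakAce {
    param([string]$Path)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # identity could not be resolved to a SID
        if (($lowPrivSids -contains $sid) -and (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) {
            $ace
        }
    }
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc = $_
    $exe = Get-ServiceBinaryPath $svc.PathName
    if (-not $exe -or -not (Test-Path -LiteralPath $exe -PathType Leaf)) { return }
    Get-WeakAce -Path $exe | ForEach-Object {
        [pscustomobject]@{
            Service  = $svc.Name
            RunsAs   = $svc.StartName
            Binary   = $exe
            Identity = $_.IdentityReference.Value
            Rights   = $_.FileSystemRights
        }
    }
} | Format-Table -AutoSize -Wrap
```

An empty result means no service binary grants those rights to the listed groups; each row returned is a file whose ACL should be tightened, with priority on services whose RunsAs account is LocalSystem.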


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
