Fortra’s Robot Schedule Enterprise Agent permits a low-privileged user to elevate privileges to the local system level.
The problem arises from the agent’s failure to adequately secure its service executable, which an attacker can exploit by swapping out the executable for a malicious one.
As a result, the malicious code will run with elevated privileges when the service restarts, allowing unauthorized access to the system.
In versions of Fortra’s Robot Schedule Enterprise Agent for Windows prior to version 3.04, there is a vulnerability known as CVE-2024-0259 that allows a low-privileged user to overwrite the service executable with their own malicious code and also allows for enhanced privileges.
It is also crucial since it gives the attacker considerable control over the system.
Upon service restart, the overwritten executable executes with local system privileges, giving the attacker escalated privileges on the system.
Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.
An attacker with low privileges can exploit the vulnerability to gain complete control over the system.
The agent’s service executable is vulnerable to overwriting, which is the source of the vulnerability.
An attacker can deceive the system into executing their code with the highest level of privileges (local system) when the service restarts by substituting a malicious executable for the original one, giving the attacker full access to all of the system’s resources.
In Windows versions before 3.04, Fortra’s Robot Schedule Enterprise Agent is susceptible to privilege escalation. This vulnerability enables a user with low privileges to replace the service executable with malicious code.
When the service restarts, the overwritten program runs with local system privileges, giving the attacker elevated access to the compromised system.
This vulnerability, which falls under CWE-276: Incorrect Default Permissions, underscores the significance of establishing suitable access controls for executables.
Fortra’s Robot Schedule Enterprise Agent for Windows versions before 3.04 was found to have a critical privilege escalation vulnerability (CVE-2024-0259) on December 7th, 2023.
The vulnerability has a high exploitability and potential impact, earning it a CVSSv3.1 score of 7.3.
An attacker with low privileges could use it to overwrite a legitimate service executable and then run arbitrary code with system privileges.
Fortra released version 3.04 on March 20th, 2024, which addresses this vulnerability.
To mitigate the risk, system administrators should update all vulnerable agents to version 3.04 or higher as soon as possible.
Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free
A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…
The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…
Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals,…