Описание
Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
Ссылки
- Release Notes
- Vendor Advisory
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.04 (исключая)
Одновременно
cpe:2.3:a:fortra:robot_schedule:*:*:*:*:enterprise:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00149
Низкий
7.3 High
CVSS3
Дефекты
CWE-276
CWE-276
Связанные уязвимости
CVSS3: 7.3
github
почти 2 года назад
Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
EPSS
Процентиль: 36%
0.00149
Низкий
7.3 High
CVSS3
Дефекты
CWE-276
CWE-276