Search criteria
6 vulnerabilities found for robot_schedule by fortra
FKIE_CVE-2024-8264
Vulnerability from fkie_nvd - Published: 2024-10-09 23:15 - Updated: 2024-10-17 14:06
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortra | robot_schedule | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortra:robot_schedule:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "44ADDC12-9EA8-4BA4-9D76-57FC4A558367",
"versionEndExcluding": "3.05",
"versionStartIncluding": "1.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fortra\u0027s Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled."
},
{
"lang": "es",
"value": "Fortra\u0027s Robot Schedule Enterprise Agent anterior a la versi\u00f3n 3.05 escribe la informaci\u00f3n de nombre de usuario y contrase\u00f1a de FTP en el archivo de registro del agente cuando est\u00e1 habilitado el registro detallado."
}
],
"id": "CVE-2024-8264",
"lastModified": "2024-10-17T14:06:39.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-09T23:15:11.093",
"references": [
{
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"tags": [
"Release Notes"
],
"url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
},
{
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fortra.com/security/advisories/product-security/fi-2024-012"
}
],
"sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-0259
Vulnerability from fkie_nvd - Published: 2024-03-28 15:15 - Updated: 2025-04-09 15:42
Severity ?
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortra | robot_schedule | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortra:robot_schedule:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "EDE170B1-FE55-472F-B9EC-4F823D4B4816",
"versionEndExcluding": "3.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fortra\u0027s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.\n\n"
},
{
"lang": "es",
"value": "El Robot Schedule Enterprise Agent de Fortra para Windows anterior a la versi\u00f3n 3.04 es susceptible a una escalada de privilegios. Un usuario con pocos privilegios puede sobrescribir el ejecutable del servicio. Cuando se reinicia el servicio, el binario reemplazado se ejecuta con privilegios del sistema local, lo que permite que un usuario con pocos privilegios obtenga permisos elevados."
}
],
"id": "CVE-2024-0259",
"lastModified": "2025-04-09T15:42:22.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-28T15:15:46.180",
"references": [
{
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"tags": [
"Release Notes"
],
"url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
},
{
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fortra.com/security/advisory/fi-2024-005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fortra.com/security/advisory/fi-2024-005"
}
],
"sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-8264 (GCVE-0-2024-8264)
Vulnerability from cvelistv5 – Published: 2024-10-09 22:44 – Updated: 2024-10-10 20:16
VLAI?
Title
Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05
Summary
Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.
Severity ?
5.5 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortra | Robot Schedule Enterprise |
Affected:
1.24 , < 3.05
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortra:robot_schedule_enterprise:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "robot_schedule_enterprise",
"vendor": "fortra",
"versions": [
{
"lessThan": "3.05",
"status": "affected",
"version": "1.24",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T20:14:28.286053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:16:18.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Robot Schedule Enterprise",
"vendor": "Fortra",
"versions": [
{
"lessThan": "3.05",
"status": "affected",
"version": "1.24",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFortra\u0027s Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.\u003c/span\u003e"
}
],
"value": "Fortra\u0027s Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled."
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54 Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T22:44:35.429Z",
"orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"shortName": "Fortra"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.fortra.com/security/advisories/product-security/fi-2024-012"
},
{
"tags": [
"release-notes"
],
"url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDisable detailed logging for FTP and remove any sensitive log files. After upgrading to Robot Schedule Enterprise 3.05, detailed logging for FTP can be re-enabled as the username and password will no longer be written to the agent log.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Disable detailed logging for FTP and remove any sensitive log files. After upgrading to Robot Schedule Enterprise 3.05, detailed logging for FTP can be re-enabled as the username and password will no longer be written to the agent log."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDisable detailed logging for FTP if it was previously enabled and remove any sensitive log files. NOTE: if detailed logging is not enabled, there is no exposure to this issue.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Disable detailed logging for FTP if it was previously enabled and remove any sensitive log files. NOTE: if detailed logging is not enabled, there is no exposure to this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"assignerShortName": "Fortra",
"cveId": "CVE-2024-8264",
"datePublished": "2024-10-09T22:44:35.429Z",
"dateReserved": "2024-08-28T15:44:42.812Z",
"dateUpdated": "2024-10-10T20:16:18.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0259 (GCVE-0-2024-0259)
Vulnerability from cvelistv5 – Published: 2024-03-28 14:31 – Updated: 2024-08-01 17:41
VLAI?
Title
Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04
Summary
Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
Severity ?
7.3 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortra | Robot Schedule Enterprise Agent |
Affected:
2.0 , < 3.04
(semver)
|
Credits
Travis Dotseth, Prime Therapeutics
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortra:robot_schedule_enterprise_agent:2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robot_schedule_enterprise_agent",
"vendor": "fortra",
"versions": [
{
"lessThan": "3.04",
"status": "affected",
"version": "2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T15:55:02.721553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T20:50:22.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fortra.com/security/advisory/fi-2024-005"
},
{
"tags": [
"x_transferred"
],
"url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Robot Schedule Enterprise Agent",
"vendor": "Fortra",
"versions": [
{
"lessThan": "3.04",
"status": "affected",
"version": "2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Travis Dotseth, Prime Therapeutics"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fortra\u0027s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Fortra\u0027s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-28T14:31:07.986Z",
"orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"shortName": "Fortra"
},
"references": [
{
"url": "https://www.fortra.com/security/advisory/fi-2024-005"
},
{
"url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade Robot Schedule Enterprise agents for Windows to version 3.04 or higher."
}
],
"value": "Upgrade Robot Schedule Enterprise agents for Windows to version 3.04 or higher."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"assignerShortName": "Fortra",
"cveId": "CVE-2024-0259",
"datePublished": "2024-03-28T14:31:07.986Z",
"dateReserved": "2024-01-05T23:59:37.995Z",
"dateUpdated": "2024-08-01T17:41:16.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8264 (GCVE-0-2024-8264)
Vulnerability from nvd – Published: 2024-10-09 22:44 – Updated: 2024-10-10 20:16
VLAI?
Title
Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05
Summary
Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.
Severity ?
5.5 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortra | Robot Schedule Enterprise |
Affected:
1.24 , < 3.05
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortra:robot_schedule_enterprise:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "robot_schedule_enterprise",
"vendor": "fortra",
"versions": [
{
"lessThan": "3.05",
"status": "affected",
"version": "1.24",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T20:14:28.286053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:16:18.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Robot Schedule Enterprise",
"vendor": "Fortra",
"versions": [
{
"lessThan": "3.05",
"status": "affected",
"version": "1.24",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFortra\u0027s Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.\u003c/span\u003e"
}
],
"value": "Fortra\u0027s Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled."
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54 Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T22:44:35.429Z",
"orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"shortName": "Fortra"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.fortra.com/security/advisories/product-security/fi-2024-012"
},
{
"tags": [
"release-notes"
],
"url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDisable detailed logging for FTP and remove any sensitive log files. After upgrading to Robot Schedule Enterprise 3.05, detailed logging for FTP can be re-enabled as the username and password will no longer be written to the agent log.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Disable detailed logging for FTP and remove any sensitive log files. After upgrading to Robot Schedule Enterprise 3.05, detailed logging for FTP can be re-enabled as the username and password will no longer be written to the agent log."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDisable detailed logging for FTP if it was previously enabled and remove any sensitive log files. NOTE: if detailed logging is not enabled, there is no exposure to this issue.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Disable detailed logging for FTP if it was previously enabled and remove any sensitive log files. NOTE: if detailed logging is not enabled, there is no exposure to this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"assignerShortName": "Fortra",
"cveId": "CVE-2024-8264",
"datePublished": "2024-10-09T22:44:35.429Z",
"dateReserved": "2024-08-28T15:44:42.812Z",
"dateUpdated": "2024-10-10T20:16:18.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0259 (GCVE-0-2024-0259)
Vulnerability from nvd – Published: 2024-03-28 14:31 – Updated: 2024-08-01 17:41
VLAI?
Title
Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04
Summary
Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
Severity ?
7.3 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortra | Robot Schedule Enterprise Agent |
Affected:
2.0 , < 3.04
(semver)
|
Credits
Travis Dotseth, Prime Therapeutics
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortra:robot_schedule_enterprise_agent:2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robot_schedule_enterprise_agent",
"vendor": "fortra",
"versions": [
{
"lessThan": "3.04",
"status": "affected",
"version": "2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T15:55:02.721553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T20:50:22.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fortra.com/security/advisory/fi-2024-005"
},
{
"tags": [
"x_transferred"
],
"url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Robot Schedule Enterprise Agent",
"vendor": "Fortra",
"versions": [
{
"lessThan": "3.04",
"status": "affected",
"version": "2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Travis Dotseth, Prime Therapeutics"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fortra\u0027s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Fortra\u0027s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-28T14:31:07.986Z",
"orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"shortName": "Fortra"
},
"references": [
{
"url": "https://www.fortra.com/security/advisory/fi-2024-005"
},
{
"url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade Robot Schedule Enterprise agents for Windows to version 3.04 or higher."
}
],
"value": "Upgrade Robot Schedule Enterprise agents for Windows to version 3.04 or higher."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"assignerShortName": "Fortra",
"cveId": "CVE-2024-0259",
"datePublished": "2024-03-28T14:31:07.986Z",
"dateReserved": "2024-01-05T23:59:37.995Z",
"dateUpdated": "2024-08-01T17:41:16.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}