CVE-2020-11799
Description
Z-Cron 5.6 Build 04 allows unprivileged users to modify privileged users' scheduled tasks, enabling privilege escalation via malicious payload execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Z-Cron 5.6 Build 04 suffers from insecure access control on scheduled tasks. Tasks are stored globally and can be modified by any user on the system, regardless of the task owner's privileges [1]. This allows an unprivileged user to alter a task created by a privileged user.
Exploitation
An attacker with local unprivileged access can modify an existing privileged user's scheduled task. The attacker changes the task's executable path to point to a malicious payload stored in a publicly accessible location (e.g., a network share) [1]. When the task executes (e.g., on a timer), it runs with the privileges of the original task owner, delivering a reverse shell or other payload. The reference demonstrates using msfvenom to generate a Meterpreter payload and listening with exploit/multi/handler [1].
Impact
Successful exploitation grants the attacker code execution in the context of the privileged user who created the task, leading to privilege escalation. If the malicious executable is placed in a location accessible to all users, every logged-in user will execute the task, potentially compromising multiple accounts [1].
Mitigation
No official patch has been released for Z-Cron 5.6 Build 04. As a workaround, restrict write access to Z-Cron's task storage location and ensure only trusted users can modify scheduled tasks. Consider using alternative task scheduling software with proper access controls [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Z-Cron / Z-Cron
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing access control on shared task objects allows any user to modify tasks created by any other user, including privileged users."
Attack vector
An unprivileged attacker opens the Z-Cron application and modifies an existing task that was created by a privileged user [ref_id=1]. The attacker changes the task's executable path to point to a payload (e.g., a Meterpreter shell) stored in a publicly accessible location [ref_id=1]. When the scheduled trigger fires, the task executes under the privileged user's credentials, giving the attacker a shell at that privilege level [ref_id=1]. If multiple users are logged into the system, each logged-in user will have the malicious task executed, producing multiple shells [ref_id=1].
Affected code
The advisory [ref_id=1] does not specify particular functions or file paths. The vulnerability exists in Z-Cron 5.6 Build 04's task management system, where tasks are stored globally and shared system-wide without access control checks when a user modifies a task.
What the fix does
No patch is published for this CVE. The advisory [ref_id=1] identifies the root cause as a lack of access control on globally shared tasks. The recommended remediation would be to implement per-user or role-based access controls so that only the task owner (or an administrator) can modify a task, preventing unprivileged users from altering privileged users' scheduled tasks.
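The access-control change described above, modelled as an added example: this is not Z-Cron's code, and the class, field and function names (`SharedTaskStore`, `OwnerCheckedTaskStore`, `Task.owner`, `modify_command`, `fire`) and the sample executable paths are assumptions made for the illustration. The vulnerable store accepts a command change from any caller; the hardened store compares the caller with the task owner and allows only the owner or an administrator to modify the task, and records the denial.

```python
"""Model of the missing ownership check behind CVE-2020-11799 and its fix.

Added illustration, not Z-Cron's own code. All names and paths below are
assumptions made for this example.
"""
from dataclasses import dataclass

# Constructed sample paths; they stand in for a legitimate executable and
# for one written by another user, and do not refer to real files.
TRUSTED_COMMAND = r"C:\Tools\nightly_backup.exe"
UNTRUSTED_COMMAND = r"\\fileserver\public\replaced.exe"


@dataclass
class User:
    name: str
    is_admin: bool = False


@dataclass
class Task:
    task_id: int
    owner: str      # account that created the task; the task runs as this account
    command: str    # executable path the scheduler launches when the trigger fires
    schedule: str   # trigger description, free text in this model


class SharedTaskStore:
    """Vulnerable model: tasks are global and any caller may edit any task.

    This mirrors the root cause reported for Z-Cron 5.6 Build 04: the store
    never compares the caller with the task owner.
    """

    def __init__(self) -> None:
        self.tasks: dict[int, Task] = {}
        self.audit: list[tuple[str, int, str]] = []   # (actor, task_id, outcome)

    def create(self, actor: User, command: str, schedule: str) -> int:
        task_id = len(self.tasks) + 1
        self.tasks[task_id] = Task(task_id, actor.name, command, schedule)
        return task_id

    def modify_command(self, actor: User, task_id: int, new_command: str) -> None:
        # No ownership check: this is the defect.
        self.tasks[task_id].command = new_command
        self.audit.append((actor.name, task_id, "allowed"))

    def fire(self, task_id: int) -> tuple[str, str]:
        """Simulate the trigger: return (account the task runs as, command run)."""
        task = self.tasks[task_id]
        return task.owner, task.command


class OwnerCheckedTaskStore(SharedTaskStore):
    """Hardened model: only the task owner or an administrator may modify."""

    def modify_command(self, actor: User, task_id: int, new_command: str) -> None:
        task = self.tasks[task_id]
        if not (actor.is_admin or actor.name == task.owner):
            self.audit.append((actor.name, task_id, "denied"))
            raise PermissionError(
                f"{actor.name} may not modify task {task_id} owned by {task.owner}")
        super().modify_command(actor, task_id, new_command)


def demo(store_cls: type[SharedTaskStore]) -> tuple[str, tuple[str, str]]:
    """Create a privileged user's task, let an unprivileged user try to
    repoint it, then fire the trigger.

    Returns (modification outcome, (account the task ran as, command that ran)).
    """
    store = store_cls()
    admin = User("admin", is_admin=True)
    lowpriv = User("lowpriv")
    task_id = store.create(admin, TRUSTED_COMMAND, "every 5 minutes")
    try:
        store.modify_command(lowpriv, task_id, UNTRUSTED_COMMAND)
        outcome = "allowed"
    except PermissionError:
        outcome = "denied"
    return outcome, store.fire(task_id)


if __name__ == "__main__":
    for cls in (SharedTaskStore, OwnerCheckedTaskStore):
        outcome, (ran_as, command) = demo(cls)
        print(f"{cls.__name__}: modification {outcome}; trigger ran {command} as {ran_as}")
```

Running the module shows the two outcomes side by side: with the shared store the trigger runs the replaced command as `admin`, which is the privilege escalation the advisory describes; with the owner-checked store the change is refused, the original command runs, and the audit list holds a `denied` entry that a monitoring rule can alert on.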
Preconditions
- [config] Z-Cron must be installed and have at least one task created by a privileged user
- [auth] Attacker must have local unprivileged access to the system and be able to run Z-Cron
- [config] The privileged user's task must be scheduled to execute on a recurring trigger
- [input] Attacker must place the payload executable in a location accessible to the privileged user account
Reproduction
1. As a privileged user, create a scheduled task in Z-Cron with a recurring trigger (e.g., every 5 minutes) and save it with the privileged user's credentials.
2. As an unprivileged user, open Z-Cron and modify that task, changing the executable path to a malicious payload (e.g., a Meterpreter shell generated with msfvenom) stored in a publicly accessible location.
3. Start a listener for the reverse shell.
4. When the scheduled trigger fires, the payload executes under the privileged user's credentials, and the attacker receives a shell. For every user logged into the system, a separate shell is received [ref_id=1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. blog.spookysec.net/zcron/ (MISC)
News mentions
No linked articles in our index yet.