Local Execution of Code Vulnerability in Zscaler Client Connector on Windows
CVE-2023-41970
6MEDIUM
Key Information:
- Vendor
- Zscaler
- Status
- Client Connector
- Vendor
- CVE Published:
- 2 May 2024
Summary
A vulnerability has been identified in the Zscaler Client Connector on Windows that pertains to improper validation of integrity check values during the Repair App functionality. This flaw could potentially allow for local execution of code, which may expose systems to further attacks and security breaches. It is essential for users to ensure their systems are updated to versions 4.1.0.62 or later to safeguard against these vulnerabilities.
Affected Version(s)
Client Connector Windows 0 < 4.1.0.62
References
CVSS V3.1
Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved