Local Execution of Code Vulnerability in Zscaler Client Connector on Windows

CVE-2023-41970

6MEDIUM

Key Information

Vendor: Zscaler
Status: Client Connector
Vendor: CVE Published:; 2 May 2024

Summary

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.

Affected Version(s)

Client Connector < 4.1.0.62

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 2, 2024
Vulnerability Reserved.
Sep 6, 2023

Collectors

NVD DatabaseMitre Database