Local Execution of Code Vulnerability in Zscaler Client Connector on Windows
CVE-2023-41970

6MEDIUM

Key Information:

Vendor: Zscaler
Status: Client Connector
Vendor: CVE Published:; 2 May 2024

What is CVE-2023-41970?

A vulnerability has been identified in the Zscaler Client Connector on Windows that pertains to improper validation of integrity check values during the Repair App functionality. This flaw could potentially allow for local execution of code, which may expose systems to further attacks and security breaches. It is essential for users to ensure their systems are updated to versions 4.1.0.62 or later to safeguard against these vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Client Connector Windows 0 < 4.1.0.62

References

https://help.zscaler.com/client-connector/client-connecto...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2024
Vulnerability Reserved
Sep 6, 2023

JSON

Zscaler

What is CVE-2023-41970?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.