Local Execution of Code Vulnerability in Zscaler Client Connector on Windows
CVE-2023-41970

6MEDIUM

Key Information:

Vendor: Zscaler
Status: Client Connector
Vendor: CVE Published:; 2 May 2024

What is CVE-2023-41970?

A vulnerability has been identified in the Zscaler Client Connector on Windows that pertains to improper validation of integrity check values during the Repair App functionality. This flaw could potentially allow for local execution of code, which may expose systems to further attacks and security breaches. It is essential for users to ensure their systems are updated to versions 4.1.0.62 or later to safeguard against these vulnerabilities.

Affected Version(s)

Client Connector Windows 0 < 4.1.0.62

References

https://help.zscaler.com/client-connector/client-connecto...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2024
Vulnerability Reserved
Sep 6, 2023