Password Validation Missing in Revert Password Check
CVE-2023-41972

7.3 HIGH

Key Information:

Vendor

Zscaler

CVE Published:
26 March 2024

Badges

📰 News Worthy

What is CVE-2023-41972?

A vulnerability has been identified in the password validation performed by the Revert Password check in Zscaler's Windows Client Connector (Win ZApp). In specific scenarios this validation can be bypassed or disabled, allowing the password check to be circumvented and presenting a risk of unauthorized access. Users are advised to upgrade to Win ZApp version 4.3.0.121 or later, which addresses the issue. Timely patching is important for maintaining the security integrity of systems running this application.

Affected Version(s)

Client Connector (Windows): all versions before 4.3.0.121

News Articles

Threat Intel Roundup: glibc, Anatsa, iconv, NahamCon – Threat Radar Intelligence

admin May 28, 2024 No Comments Technical Summary Zero-Interaction Local Privilege Escalation in...

Zscaler Client Connector Zero-interaction Privilege Escalation Vulnerability

A new privilege escalation vulnerability has been discovered in Zscaler Client Connector which involves combining three different

References

CVSS V3.1

  • Score: 7.3
  • Severity: HIGH
  • Confidentiality: High
  • Integrity: High
  • Availability: High
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged

Timeline

  • 📰 First article discovered by CybersecurityNews

  • Vulnerability published

  • Vulnerability Reserved

Credit

Singapore GovTech Red Team