Disable Anti-Tampering Without Signature Validation in Zscaler Client Connector
CVE-2024-23456

7.5 HIGH

Key Information:

Vendor: Zscaler
CVE Published: 6 August 2024

What is CVE-2024-23456?

A vulnerability exists in the Zscaler Client Connector software where anti-tampering mechanisms can be bypassed under specific conditions. This flaw affects versions prior to 4.2.0.190 when anti-tampering is enabled, potentially allowing unauthorized modifications without the necessary signature validation. Users of affected versions should assess their configurations and consider upgrading to mitigate potential security risks.

Affected Version(s)

Client Connector Windows 0 < 4.2.0.190

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Equinor Red Team