Missing reparse point check in Client Connector could lead to local privilege escalation
CVE-2024-23458
7.8 HIGH
Key Information
- Vendor
- Zscaler
- Status
- Client Connector
- Vendor
- CVE Published: 6 August 2024
Summary
A reparse point check was missing when copying individual autoupdater log files, which could allow crafted attacks, potentially leading to local privilege escalation. This issue affects Zscaler Client Connector on Windows in versions before 4.2.0.190.
Affected Version(s)
Client Connector < 4.2.0.190
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD Database, Mitre Database
Credit
Equinor Red Team