Zscaler Internet Access Vulnerability: Disable via PowerShell with Admin Rights
CVE-2024-23464

4.9MEDIUM

Key Information:

Vendor: Zscaler
Status: Client Connector
Vendor: CVE Published:; 6 August 2024

What is CVE-2024-23464?

In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2.1

Affected Version(s)

Client Connector Windows 0 < 4.2.1

References

https://help.zscaler.com/client-connector/client-connecto...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2024
Vulnerability Reserved
Jan 17, 2024

Credit

Randstad N.V. Red Team