Lucene search

[email protected]CVE-2021-26736

HistoryOct 23, 2023 - 2:15 p.m.

CVE-2021-26736

2023-10-2314:15:09

CWE-20

CWE-22

[email protected]

web.nvd.nist.gov

zscaler

client connector

installer

uninstaller

windows

vulnerabilities

execution

privileges

code

nvd

cve-2021-26736

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.2%

JSON

Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.

Affected configurations

NVD

Node

zscalerclient_connectorRange<3.6windows

CPENameOperatorVersion
zscaler:client_connectorzscaler client connectorlt3.6

CPE	Name	Operator	Version
zscaler:client_connector	zscaler client connector	lt	3.6

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Client Connector",
    "vendor": "Zscaler",
    "versions": [
      {
        "lessThan": "3.6",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.2%

JSON

Related for CVE-2021-26736

cvelist1 prion1 nvd1