Lucene search

K
cve[email protected]CVE-2021-26737
HistoryOct 23, 2023 - 2:15 p.m.

CVE-2021-26737

2023-10-2314:15:09
CWE-346
web.nvd.nist.gov
12
zscaler
client connector
macos
vulnerability
cve-2021-26737
rpc
race condition
nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition.

Affected configurations

NVD
Node
zscalerclient_connectorRange<3.6macos

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Client Connector",
    "vendor": "Zscaler",
    "versions": [
      {
        "lessThan": "3.6",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for CVE-2021-26737