Lucene search

ZscalerCVE-2023-41972

HistoryMar 26, 2024 - 3:15 p.m.

CVE-2023-41972

2024-03-2615:15:48

CWE-269

Zscaler

web.nvd.nist.gov

password validation

revert password

feature disablement

win zapp 4.3.0.121

security vulnerability

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

Confidence

Low

EPSS

Percentile

9.0%

JSON

In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Client Connector",
    "vendor": "Zscaler",
    "versions": [
      {
        "lessThan": "4.3.0.121",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-41972