History: Aug 06, 2024 - 4:15 p.m.

CVE-2024-23460

2024-08-06 16:15:47
CWE-347
Zscaler
web.nvd.nist.gov
5
zscaler updater
digital signature validation
arbitrary code
macos

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.6
Confidence: Low

EPSS: 0
Percentile: 9.5%

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2.

Affected configurations

Nvd
Node: zscaler client_connector, Range <4.2, macos
Vendor: zscaler
Product: client_connector
Version: *
CPE: cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "MacOS"
    ],
    "product": "Client Connector",
    "vendor": "Zscaler",
    "versions": [
      {
        "lessThan": "4.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
