Lucene search

K
cvelistZscalerCVELIST:CVE-2023-41970
HistoryMay 02, 2024 - 1:10 p.m.

CVE-2023-41970 Repair App local code execution with arbitrary privileges

2024-05-0213:10:51
CWE-354
Zscaler
www.cve.org
zscaler client connector
windows
local execution of code
integrity check value vulnerability
repair app
arbitrary privileges

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

0.0004 Low

EPSS

Percentile

9.0%

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Client Connector",
    "vendor": "Zscaler",
    "versions": [
      {
        "lessThan": "4.1.0.62",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2023-41970