Vulners
Lucene search
Zscaler Client Connector < 4.2.0.190 Multiple Vulnerabilities
| Reporter | Title | Published | Views | Family All 24 |
|---|---|---|---|---|
 | Zscaler Client Connector 安全漏洞 | 6 Aug 202400:00 | – | cnnvd |
 | CVE-2023-28806 | 6 Aug 202415:41 | – | cve |
| CVE-2024-23456 | 6 Aug 202415:21 | – | cve |
| CVE-2024-23458 | 6 Aug 202415:22 | – | cve |
 | CVE-2023-28806 Signature validation error in DLL allows disabling anti-tampering protection | 6 Aug 202415:41 | – | cvelist |
| CVE-2024-23456 Signature validation issue leads to Anti-Tampering bypass | 6 Aug 202415:21 | – | cvelist |
| CVE-2024-23458 Local Privilege Escalation on Zscaler Client Connector on Windows | 6 Aug 202415:22 | – | cvelist |
 | EUVD-2023-32441 | 3 Oct 202520:07 | – | euvd |
| EUVD-2024-20954 | 3 Oct 202520:07 | – | euvd |
| EUVD-2024-20956 | 3 Oct 202520:07 | – | euvd |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(265426);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/19");
script_cve_id("CVE-2023-28806", "CVE-2024-23456", "CVE-2024-23458");
script_xref(name:"IAVB", value:"2024-B-0102");
script_name(english:" Zscaler Client Connector < 4.2.0.190 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"Zscaler Client Connector installed on remote Windows host is affected by multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"The version of Zscaler Client Connector installed on the remote Windows host is prior to 4.2.0.190. It is, therefore,
affected by multiple vulnerabilities.
- An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable
anti-tampering. This issue affects Client Connector on Windows < 4.2.0.190. (CVE-2023-28806)
- Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client
Connector < 4.2.0.190 with anti-tampering enabled. (CVE-2024-23456)
- While copying individual autoupdater log files, reparse point check was missing which could result into crafted
attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows
< 4.2.0.190. (CVE-2024-23458)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?70a8c00b");
script_set_attribute(attribute:"solution", value:
"Upgrade to Zscaler Client Connector version 4.2.0.190 or later.");
script_set_attribute(attribute:"agent", value:"windows");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-23458");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2024-23458");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/06");
script_set_attribute(attribute:"patch_publication_date", value:"2024/08/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/09/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:zscaler:client_connector");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("zscaler_client_connector_win_installed.nbin");
script_require_keys("installed_sw/Zscaler Client Connector", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Zscaler Client Connector', win_local:TRUE);
var constraints = [
{ 'fixed_version' : '4.2.0.190' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Sep 2025 00:00Current
5.6Medium risk
Vulners AI Score5.6
CVSS 3.17.8
EPSS0.00056
SSVC