Lucene search

[email protected]NVD:CVE-2023-41973

HistoryMar 26, 2024 - 3:15 p.m.

CVE-2023-41973

2024-03-2615:15:48

CWE-22

[email protected]

web.nvd.nist.gov

zsatray

config parameter

traymanager

vulnerability

path construction

win zapp 4.3.0.121

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

0.0004 Low

EPSS

Percentile

10.6%

JSON

ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later.

References

help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

0.0004 Low

EPSS

Percentile

10.6%

JSON

Related for NVD:CVE-2023-41973

cve1 cvelist1