Lucene search

[email protected]NVD:CVE-2024-23456

HistoryAug 06, 2024 - 4:15 p.m.

CVE-2024-23456

2024-08-0616:15:47

CWE-347

[email protected]

web.nvd.nist.gov

zscaler

client connector

anti-tampering

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

18.6%

JSON

Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enabled.

Affected configurations

Nvd

Node

zscalerclient_connectorRange<4.2.0.190windows

VendorProductVersionCPE
zscalerclient_connector*cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
zscaler	client_connector	*	cpe:2.3:a:zscaler:client_connector::::::windows::*

References

help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

18.6%

JSON

Related for NVD:CVE-2024-23456

vulnrichment1 cvelist1 cve1