Lucene search

[email protected]NVD:CVE-2024-23458

HistoryAug 06, 2024 - 4:15 p.m.

CVE-2024-23458

2024-08-0616:15:47

CWE-346

[email protected]

web.nvd.nist.gov

autoupdater log files

reparse point check

crafted attacks

local privilege escalation

zscaler client connector

windows security

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.5%

JSON

While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190.

Affected configurations

Nvd

Node

zscalerclient_connectorRange<4.2.0.190windows

VendorProductVersionCPE
zscalerclient_connector*cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
zscaler	client_connector	*	cpe:2.3:a:zscaler:client_connector::::::windows::*

References

help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.5%

JSON

Related for NVD:CVE-2024-23458

vulnrichment1 cve1 cvelist1