Lucene search
+L

294 matches found

OSV
OSV
added 2024/08/06 4:15 p.m.6 views

CVE-2023-28806

An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows 4.2.0.190...

6.5CVSS5.8AI score0.00188EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/06 3:41 p.m.11 views

CVE-2023-28806 Signature validation error in DLL allows disabling anti-tampering protection

An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows 4.2.0.190...

5.7CVSS7AI score0.00188EPSS
Exploits0References1
CVE
CVE
added 2024/08/06 3:41 p.m.39 views

CVE-2023-28806

Summary of CVE-2023-28806 (Zscaler Client Connector, Windows): The issue is an improper validation of the signature in Zscaler Client Connector on Windows, which allows an authenticated user to disable anti-tampering. Affected are Client Connector versions prior to 4.2.0.190. The CVE impacts the ...

6.5CVSS7AI score0.00188EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/08/06 3:41 p.m.18 views

CVE-2023-28806 Signature validation error in DLL allows disabling anti-tampering protection

An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows 4.2.0.190...

5.7CVSS0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/06 3:30 p.m.30 views

CVE-2024-23483 Local Privilege Escalation via lack of input validation

An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS 4.2...

7CVSS0.00748EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/06 3:30 p.m.27 views

CVE-2024-23483 Local Privilege Escalation via lack of input validation

An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS 4.2...

7CVSS7.3AI score0.00748EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/06 3:24 p.m.22 views

CVE-2024-23464 Zscaler bypass with administrative privileges on Windows

In certain cases, Zscaler Internet Access ZIA can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows 4.2.1...

7.2CVSS7.4AI score0.00431EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/06 3:24 p.m.34 views

CVE-2024-23464 Zscaler bypass with administrative privileges on Windows

In certain cases, Zscaler Internet Access ZIA can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows 4.2.1...

7.2CVSS0.00431EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/06 3:22 p.m.29 views

CVE-2024-23458 Local Privilege Escalation on Zscaler Client Connector on Windows

While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows 4.2.0.190...

7.3CVSS0.00115EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/06 3:22 p.m.20 views

CVE-2024-23458 Local Privilege Escalation on Zscaler Client Connector on Windows

While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows 4.2.0.190...

7.3CVSS6.8AI score0.00115EPSS
Exploits0References1
CVE
CVE
added 2024/08/06 3:22 p.m.45 views

CVE-2024-23458

Summary (CVE-2024-23458): A missing reparse point check while copying individual autoupdater log files allows crafted attacks that could enable local privilege escalation on Zscaler Client Connector for Windows versions prior to 4.2.0.190 . Affected component is the autoupdater/log handling path;...

7.8CVSS7AI score0.00115EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/06 3:21 p.m.18 views

CVE-2024-23456 Signature validation issue leads to Anti-Tampering bypass

Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector 4.2.0.190 with anti-tampering enabled...

7.8CVSS7.2AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 2024/08/06 3:21 p.m.37 views

CVE-2024-23456

The CVE-2024-23456 issue affects Zscaler Client Connector on Windows prior to 4.2.0.190. The root cause is that anti-tampering can be disabled under certain conditions without signature validation, potentially enabling tampering with protection. The vulnerability is characterized with high impact...

7.8CVSS7.2AI score0.00226EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/06 12:0 a.m.6 views

PT-2024-19880 · Zscaler · Zscaler Client Connector

Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector versions prior to 4.2.0.190 Description: The issue is related to a missing reparse point check while copying individual autoupdater log files. This could result in crafted attacks, potentially leading to a local...

7.8CVSS7AI score0.00115EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/06 12:0 a.m.5 views

Zscaler Client Connector 安全漏洞

Zscaler Client Connector is a lightweight agent from Zscaler, Inc. A security vulnerability exists in Zscaler Client Connector versions prior to 4.2.0.190, which originates from disabling tamper protection without signature verification...

7.8CVSS6.6AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/06 12:0 a.m.4 views

PT-2024-19878 · Zscaler · Zscaler Client Connector

Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector versions prior to 4.2.0.190 Description: The issue allows anti-tampering to be disabled under certain conditions without signature validation. It is being actively exploited in the wild, and users should check their...

7.8CVSS7.2AI score0.00226EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/06 12:0 a.m.5 views

PT-2024-19883 · Zscaler · Zscaler Client Connector

Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector versions prior to 4.2 Description: The issue arises from the Zscaler Updater process not validating the digital signature of the installer before execution. This allows arbitrary code to be locally executed...

7.8CVSS7.8AI score0.00126EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/06 12:0 a.m.4 views

Zscaler Client Connector 安全漏洞

Zscaler Client Connector is a lightweight agent from Zscaler, Inc. A security vulnerability exists in Zscaler Client Connector versions prior to 4.2.1, which stems from the fact that it can be disabled via a PowerShell command with administrator privileges...

7.2CVSS6.8AI score0.00431EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/06 12:0 a.m.6 views

PT-2024-12178 · Zscaler · Zscaler Client Connector

Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector on Windows versions prior to 4.2.0.190 Description: The issue is related to an improper validation of signature, allowing an authenticated user to disable anti-tampering. Recommendations: For versions prior to...

6.5CVSS7AI score0.00188EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/06 12:0 a.m.5 views

Zscaler Client Connector 安全漏洞

Zscaler Client Connector is a lightweight agent from Zscaler, Inc. A security vulnerability exists in Zscaler Client Connector versions prior to 4.2, which originates from not verifying the digital signature of the installer, allowing arbitrary code to be executed locally...

7.8CVSS7.2AI score0.00126EPSS
Exploits0References2
Rows per page
Query Builder