294 matches found
CVE-2023-28806
An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows 4.2.0.190...
CVE-2023-28806 Signature validation error in DLL allows disabling anti-tampering protection
An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows 4.2.0.190...
CVE-2023-28806
Summary of CVE-2023-28806 (Zscaler Client Connector, Windows): The issue is an improper validation of the signature in Zscaler Client Connector on Windows, which allows an authenticated user to disable anti-tampering. Affected are Client Connector versions prior to 4.2.0.190. The CVE impacts the ...
CVE-2023-28806 Signature validation error in DLL allows disabling anti-tampering protection
An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows 4.2.0.190...
CVE-2024-23483 Local Privilege Escalation via lack of input validation
An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS 4.2...
CVE-2024-23483 Local Privilege Escalation via lack of input validation
An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS 4.2...
CVE-2024-23464 Zscaler bypass with administrative privileges on Windows
In certain cases, Zscaler Internet Access ZIA can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows 4.2.1...
CVE-2024-23464 Zscaler bypass with administrative privileges on Windows
In certain cases, Zscaler Internet Access ZIA can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows 4.2.1...
CVE-2024-23458 Local Privilege Escalation on Zscaler Client Connector on Windows
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows 4.2.0.190...
CVE-2024-23458 Local Privilege Escalation on Zscaler Client Connector on Windows
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows 4.2.0.190...
CVE-2024-23458
Summary (CVE-2024-23458): A missing reparse point check while copying individual autoupdater log files allows crafted attacks that could enable local privilege escalation on Zscaler Client Connector for Windows versions prior to 4.2.0.190 . Affected component is the autoupdater/log handling path;...
CVE-2024-23456 Signature validation issue leads to Anti-Tampering bypass
Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector 4.2.0.190 with anti-tampering enabled...
CVE-2024-23456
The CVE-2024-23456 issue affects Zscaler Client Connector on Windows prior to 4.2.0.190. The root cause is that anti-tampering can be disabled under certain conditions without signature validation, potentially enabling tampering with protection. The vulnerability is characterized with high impact...
PT-2024-19880 · Zscaler · Zscaler Client Connector
Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector versions prior to 4.2.0.190 Description: The issue is related to a missing reparse point check while copying individual autoupdater log files. This could result in crafted attacks, potentially leading to a local...
Zscaler Client Connector 安全漏洞
Zscaler Client Connector is a lightweight agent from Zscaler, Inc. A security vulnerability exists in Zscaler Client Connector versions prior to 4.2.0.190, which originates from disabling tamper protection without signature verification...
PT-2024-19878 · Zscaler · Zscaler Client Connector
Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector versions prior to 4.2.0.190 Description: The issue allows anti-tampering to be disabled under certain conditions without signature validation. It is being actively exploited in the wild, and users should check their...
PT-2024-19883 · Zscaler · Zscaler Client Connector
Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector versions prior to 4.2 Description: The issue arises from the Zscaler Updater process not validating the digital signature of the installer before execution. This allows arbitrary code to be locally executed...
Zscaler Client Connector 安全漏洞
Zscaler Client Connector is a lightweight agent from Zscaler, Inc. A security vulnerability exists in Zscaler Client Connector versions prior to 4.2.1, which stems from the fact that it can be disabled via a PowerShell command with administrator privileges...
PT-2024-12178 · Zscaler · Zscaler Client Connector
Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector on Windows versions prior to 4.2.0.190 Description: The issue is related to an improper validation of signature, allowing an authenticated user to disable anti-tampering. Recommendations: For versions prior to...
Zscaler Client Connector 安全漏洞
Zscaler Client Connector is a lightweight agent from Zscaler, Inc. A security vulnerability exists in Zscaler Client Connector versions prior to 4.2, which originates from not verifying the digital signature of the installer, allowing arbitrary code to be executed locally...