Lucene search
K
ZscalerClient Connector

41 matches found

CVE
CVE
added 2024/05/06 6:31 p.m.368 views

CVE-2024-3661

CVE-2024-3661 – Summary : DHCP can inject routes via option 121 in the classless static route option, enabling an attacker on the same LAN to cause VPN traffic to leak onto the physical interface. This affects NetworkManager-based VPN setups where routes aren’t strictly bound to VPN interfaces. I...

7.6CVSS7.3AI score0.04063EPSS
CVE
CVE
added 2024/03/26 2:14 p.m.81 views

CVE-2023-41969

The CVE-2023-41969 entry describes an arbitrary file deletion vulnerability in ZSATrayManager used by Zscaler Client Connector (Win ZApp). Affected component is ZSATrayManager within Zscaler ZApp prior to version 4.3.0; the underlying issue is that it protects the temporary encrypted ZApp issue r...

7.3CVSS7.2AI score0.00307EPSS
CVE
CVE
added 2024/05/01 4:26 p.m.75 views

CVE-2024-23457

Zscaler Client Connector for Windows is affected before version 4.2.0.209. The anti-tampering feature can be disabled under certain conditions when an uninstall password is enforced, exposing a total-impact issue (per CVE-2024-23457, base score 7.8). Affected component: the tamper-resistance mech...

7.8CVSS6.9AI score0.00204EPSS
CVE
CVE
added 2024/05/01 4:27 p.m.70 views

CVE-2024-23480

CVE-2024-23480 affects Zscaler Client Connector on macOS prior to version 4.2. The vulnerability arises from a fallback mechanism in code-sign checking that could allow arbitrary code execution. Impact is described in sources as potentially total for exploitation paths, with local/low complexity ...

9.8CVSS7.4AI score0.00301EPSS
CVE
CVE
added 2024/05/02 1:11 p.m.68 views

CVE-2024-23462

Affected software: Zscaler Client Connector on macOS. Vulnerability type: Improper validation of the Integrity Check Value. Impact: Denial of service to the Client Connector binary, removing client functionality (pre-3.4). Versions impacted: before 3.4. Evidence/what is stated: The CVE entry and ...

7.5CVSS6.9AI score0.00191EPSS
CVE
CVE
added 2023/10/23 1:30 p.m.67 views

CVE-2023-28797

CVE-2023-28797 affects Zscaler Client Connector for Windows prior to version 4.1. The vulnerability arises from how the client writes/deletes a configuration file inside specific folders on disk, allowing a local attacker to replace the folder and execute code with elevated privileges. Impact is ...

7.3CVSS6.8AI score0.00217EPSS
CVE
CVE
added 2023/11/21 10:51 a.m.67 views

CVE-2023-28802

Zscaler Client Connector for Windows is affected by CVE-2023-28802 due to improper validation of integrity check values. An authenticated user can disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. Affected versions are prior to 4.2.0.149. Remediation: upgrade to 4.2.0....

5.4CVSS5.5AI score0.00227EPSS
CVE
CVE
added 2024/04/30 4:17 p.m.67 views

CVE-2024-23463

CVE-2024-23463 affects Zscaler Client Connector on Windows prior to 4.2.1. The anti-tampering protection can be bypassed when using the Repair App functionality, per connected sources (e.g., PT-2024-19886 and RH/CVE-2024-23463). Root cause is bypass of the built-in tamper protection during Repair...

8.8CVSS6.8AI score0.00371EPSS
CVE
CVE
added 2024/03/26 2:19 p.m.66 views

CVE-2023-41973

The CVE-2023-41973 affects Zscaler Client Connector (ZSATray) on Windows, where a config parameter previousInstallerName is passed to TrayManager. TrayManager then constructs a path by appending this value, enabling a potential path construction/assembly issue that can lead to executing a crafted...

7.8CVSS7.2AI score0.00313EPSS
CVE
CVE
added 2023/10/23 1:21 p.m.63 views

CVE-2021-26736

CVE-2021-26736 concerns Zscaler Client Connector Installer and Uninstaller for Windows prior to version 3.6. The vulnerability allows a local attacker to execute binaries from a low-privilege path, potentially gaining SYSTEM privileges. Affected component: the Windows installer/uninstaller. Root ...

7.8CVSS7.2AI score0.00225EPSS
CVE
CVE
added 2024/03/26 2:23 p.m.61 views

CVE-2024-23482

CVE-2024-23482 describes a local privilege escalation in the ZScalerService process of Zscaler Client Connector for macOS. Affected: Zscaler Mac ZApp versions prior to 4.2.0.241. Root cause: local privilege escalation in ZScalerService. Impact is high for confidentiality, integrity, and availabil...

7.8CVSS7AI score0.00275EPSS
CVE
CVE
added 2024/05/02 1:11 p.m.60 views

CVE-2023-41971

CVE-2023-41971 is a Windows-specific vulnerability in Zscaler Client Connector prior to 3.7, caused by improper link resolution before file access (link following). This can allow overwriting a system file, with CVSSv3.1 metrics indicating local access, low attack complexity, and high impact on c...

7.8CVSS6.8AI score0.00187EPSS
CVE
CVE
added 2021/07/15 7:18 p.m.59 views

CVE-2020-11634

CVE-2020-11634 affects the Zscaler Client Connector for Windows prior to version 2.1.2.105. The vulnerability is a DLL hijacking issue arising from the OpenSSL configuration, enabling a local adversary to execute arbitrary code in the SYSTEM context. The affected component is the Windows client (...

7.8CVSS7.7AI score0.00465EPSS
CVE
CVE
added 2024/03/26 2:16 p.m.59 views

CVE-2023-41972

The CVE-2023-41972 issue affects Zscaler Client Connector/Win ZApp where a password-type validation is missing in the Revert Password check, and in some features this check could be disabled. Connected sources confirm vulnerable versions are prior to 4.3.0.121 and that the fixed version is 4.3.0....

7.8CVSS7.3AI score0.00236EPSS
CVE
CVE
added 2024/05/02 1:11 p.m.59 views

CVE-2024-23459

CVE-2024-23459 affects Zscaler Client Connector on macOS prior to 3.7. It is an Improp er Link Resolution Before File Access (Link Following) vulnerability that allows overwriting a system file. Root cause cited: incorrect link resolution before file access. Impact described in the sources as hig...

9.8CVSS6.7AI score0.00474EPSS
CVE
CVE
added 2024/05/02 1:11 p.m.59 views

CVE-2024-23461

CVE-2024-23461 affects Zscaler Client Connector on macOS prior to 3.4. The issue is an improper validation of integrity check values during the upgrade process, which may allow local code execution. Affected product: Zscaler Client Connector for macOS (pre-3.4). Impact per provided details: local...

5.5CVSS7AI score0.0011EPSS
CVE
CVE
added 2024/05/02 1:10 p.m.57 views

CVE-2023-41970

CVE-2023-41970 affects Zscaler Client Connector on Windows prior to 4.1.0.62. The root cause is improper validation of the Integrity Check Value during the Repair App functionality, which may allow local code execution with elevated privileges. Impact is described as local code execution with arb...

7.8CVSS7.1AI score0.0011EPSS
CVE
CVE
added 2023/10/23 1:24 p.m.55 views

CVE-2021-26738

CVE-2021-26738 affects Zscaler Client Connector for macOS prior to 3.7. It is an unquoted search path vulnerability via the PATH variable, enabling a local attacker to execute code with root privileges. Documented impact is privileged code execution (local, with LOW user interaction). The CVE ent...

7.8CVSS7.6AI score0.00228EPSS
CVE
CVE
added 2021/02/16 7:37 p.m.54 views

CVE-2020-11635

CVE-2020-11635 affects Zscaler Client Connector prior to 3.1.0. The issue is insufficient validation of RPC clients, allowing a local adversary to execute code with system privileges or perform privileged actions. Affected component is the client connector’s RPC handling; impact is described as c...

7.8CVSS7.7AI score0.00429EPSS
CVE
CVE
added 2024/05/02 1:10 p.m.54 views

CVE-2023-28798

CVE-2023-28798 relates to Zscaler Client Connector on macOS, where the pacparser library contains an out-of-bounds write to the heap in a way that may lead to arbitrary code execution. Affected software is Zscaler Client Connector (Mac) using pacparser; root cause is a heap out-of-bounds write. P...

9.8CVSS7.7AI score0.00435EPSS
CVE
CVE
added 2024/08/06 3:24 p.m.54 views

CVE-2024-23464

CVE-2024-23464 affects Zscaler Client Connector on Windows prior to 4.2.1. The issue is described as improper preservation of permissions, enabling an attacker with admin rights to run PowerShell commands that can disable Zscaler Internet Access (ZIA) covered by the affected client. The vulnerabi...

7.2CVSS7.4AI score0.00431EPSS
CVE
CVE
added 2021/07/15 7:18 p.m.52 views

CVE-2020-11632

The CVE-2020-11632 vulnerability affects Zscaler Client Connector prior to version 2.1.2.150. The root cause is failure to quote the search path for services, enabling a local attacker to execute code with SYSTEM privileges. Affected versions are pre-2.1.2.150; upgrade to 2.1.2.150 or newer (per ...

7.8CVSS7.7AI score0.00318EPSS
CVE
CVE
added 2023/10/23 1:28 p.m.49 views

CVE-2023-28796

CVE-2023-28796 affects Zscaler Client Connector for Linux prior to 1.3.1.6. The issue is an improper verification of the cryptographic signature that allows code injection. Impact is described as high confidentiality/integrity/availability concerns, with local attack vector and no user interactio...

7.8CVSS7.3AI score0.0018EPSS
CVE
CVE
added 2023/10/23 1:26 p.m.48 views

CVE-2023-28793

CVE-2023-28793: A heap-based buffer overflow in the signelf library used by Zscaler Client Connector for Linux allows code injection. Affected: Zscaler Client Connector for Linux prior to 1.3.1.6. Exploitation requires local access (local vector) with low privileges. Root cause: overflow in signe...

7.8CVSS7.9AI score0.003EPSS
CVE
CVE
added 2023/10/23 1:27 p.m.47 views

CVE-2023-28795

CVE-2023-28795 concerns Zscaler Client Connector for Linux prior to 1.3.1.6. The issue is described as an Origin Validation Error that allows inclusion of code in an existing process. Affected software is Zscaler Client Connector for Linux; root cause details indicate a failure in validating the ...

7.8CVSS7.7AI score0.00147EPSS
CVE
CVE
added 2021/07/15 5:1 p.m.46 views

CVE-2020-11633

The CVE refers to Zscaler Client Connector for Windows prior to version 2.1.2.74, which is affected by a stack-based buffer overflow when connecting to misconfigured TLS servers. Root cause: improper handling of TLS server responses leading to potential arbitrary code execution with system privil...

10CVSS9.9AI score0.01891EPSS
CVE
CVE
added 2023/10/23 1:19 p.m.45 views

CVE-2021-26735

The CVE-2021-26735 issue affects Zscaler Client Connector Installer and Uninstallers for Windows prior to version 3.6. The root cause is an unquoted search path vulnerability in the installer/uninstaller executables, enabling a local attacker to execute code with SYSTEM privileges. Impact is exec...

7.8CVSS7.1AI score0.00131EPSS
CVE
CVE
added 2023/10/23 1:32 p.m.44 views

CVE-2023-28803

CVE-2023-28803 (Zscaler Client Connector, Windows) affects Zscaler Client Connector versions prior to 3.9. The issue is an authentication bypass via spoofing of a device with a synthetic IP address, enabling a functionality bypass. Connected sources specify the affected product and version range,...

6.5CVSS6.2AI score0.00261EPSS
CVE
CVE
added 2026/03/31 2:54 p.m.44 views

CVE-2026-22569

The CVE-2026-22569 entry refers to an incorrect startup configuration in Windows deployments of Zscaler Client Connector, affecting limited traffic inspection under rare conditions. Affected software: Zscaler Client Connector for Windows. Vulnerable component/behavior: startup configuration that ...

5.4CVSS5.9AI score0.00178EPSS
CVE
CVE
added 2023/10/23 1:33 p.m.43 views

CVE-2023-28805

CVE-2023-28805 affects Zscaler Client Connector on Linux prior to 1.4.0.105 due to improper input validation, enabling privilege escalation. Remediation: update to version 1.4.0.105 or later. Exploitation details are not provided in the supplied sources.

9.8CVSS8.1AI score0.00348EPSS
CVE
CVE
added 2024/08/06 3:22 p.m.43 views

CVE-2024-23458

Summary (CVE-2024-23458): A missing reparse point check while copying individual autoupdater log files allows crafted attacks that could enable local privilege escalation on Zscaler Client Connector for Windows versions prior to 4.2.0.190 . Affected component is the autoupdater/log handling path;...

7.8CVSS7AI score0.00115EPSS
CVE
CVE
added 2023/10/23 1:18 p.m.42 views

CVE-2021-26734

Affected software: Zscaler Client Connector Installer on Windows

5.5CVSS4.8AI score0.00142EPSS
CVE
CVE
added 2023/11/06 7:19 a.m.42 views

CVE-2023-28794

CVE-2023-28794 concerns an Origin Validation Error in Zscaler Client Connector for Linux prior to version 1.3.1.6 . Multiple connected sources (e.g., PT-2023-21970, RH, NVD, Red Hat, CNNVD mirrors) describe a vulnerability that could permit privilege abuse due to faulty origin validation. Affecte...

6.5CVSS5.1AI score0.00203EPSS
CVE
CVE
added 2024/08/06 3:30 p.m.41 views

CVE-2024-23483

CVE-2024-23483 concerns Zscaler Client Connector for macOS prior to 4.2, where an improper input validation vulnerability enables OS command injection . The issue affects the macOS client (versions

9.8CVSS7.3AI score0.00748EPSS
CVE
CVE
added 2023/06/22 7:6 p.m.40 views

CVE-2023-28799

CVE-2023-28799 involves Zscaler Client Connector. The issue arises from insecure handling of a URL parameter in the login flow, enabling injection that can redirect users and exfiltrate the authorization token to an attacker-controlled domain. Public sources describe this as an input validation e...

8.2CVSS6.7AI score0.00445EPSS
CVE
CVE
added 2023/10/23 1:33 p.m.40 views

CVE-2023-28804

The CVE-2023-28804 entry documents an improper verification of a cryptographic signature in Zscaler Client Connector on Linux, allowing an attacker to replace binaries. Affected product: Zscaler Client Connector for Linux, with vulnerable versions before 1.4.0.105. The issue enables binary replac...

8.2CVSS6.2AI score0.00242EPSS
CVE
CVE
added 2023/10/23 1:22 p.m.38 views

CVE-2021-26737

CVE-2021-26737 affects the Zscaler Client Connector for macOS prior to 3.6. The vulnerability arises from insufficient validation of RPC clients, allowing a local attacker with LOW privileges to exploit a race condition to shutdown the Zscaler tunnel (availability impact). The root cause is a rac...

5.5CVSS4.7AI score0.00106EPSS
CVE
CVE
added 2024/08/06 3:41 p.m.37 views

CVE-2023-28806

Summary of CVE-2023-28806 (Zscaler Client Connector, Windows): The issue is an improper validation of the signature in Zscaler Client Connector on Windows, which allows an authenticated user to disable anti-tampering. Affected are Client Connector versions prior to 4.2.0.190. The CVE impacts the ...

6.5CVSS7AI score0.00188EPSS
CVE
CVE
added 2024/08/06 3:21 p.m.36 views

CVE-2024-23456

The CVE-2024-23456 issue affects Zscaler Client Connector on Windows prior to 4.2.0.190. The root cause is that anti-tampering can be disabled under certain conditions without signature validation, potentially enabling tampering with protection. The vulnerability is characterized with high impact...

7.8CVSS7.2AI score0.00226EPSS
CVE
CVE
added 2023/06/22 7:15 p.m.31 views

CVE-2023-28800

CVE-2023-28800 describes an XSS issue in Zscaler Client Connector caused by improper encoding of the redirect URL parameter when using local accounts for administration. The vulnerability allows an attacker to inject script via the redrurl parameter, potentially exposing admin login information. ...

8.1CVSS6.5AI score0.00548EPSS
CVE
CVE
added 2024/08/06 3:29 p.m.31 views

CVE-2024-23460

The CVE-2024-23460 issue is that the Zscaler Updater process does not validate the digital signature of the installer before execution, enabling arbitrary code to run locally. Affected software: Zscaler Client Connector on macOS versions earlier than 4.2. Root cause: lack of installer signature v...

7.8CVSS7.6AI score0.00126EPSS