Lucene search

ZscalerVULNRICHMENT:CVE-2023-41972

HistoryMar 26, 2024 - 2:16 p.m.

CVE-2023-41972 Revert password check incorrect type validation

2024-03-2614:16:24

CWE-269

Zscaler

github.com

cve-2023-41972

password validation

revert password

fixed version

win zapp 4.3.0.121

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

7.3

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*"
    ],
    "vendor": "zscaler",
    "product": "client_connector",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.3.0.121",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

7.3

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-41972