ZscalerVULNRICHMENT:CVE-2024-23458CVE-2024-23458 Local Privilege Escalation on Zscaler Client Connector on Windows
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
AI Score
Confidence
High
EPSS
Percentile
9.5%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190.
CNA Affected
[
{
"vendor": "Zscaler",
"product": "Client Connector",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "4.2.0.190",
"versionType": "custom"
}
],
"platforms": [
"Windows"
],
"defaultStatus": "unaffected"
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*"
],
"vendor": "zscaler",
"product": "client_connector",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "4.2.0.190",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
AI Score
Confidence
High
EPSS
Percentile
9.5%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total