Lucene search

ZscalerVULNRICHMENT:CVE-2024-23461

HistoryMay 02, 2024 - 1:11 p.m.

CVE-2024-23461 ZCC macOS Upgrade ZIP Bomb DoS

2024-05-0213:11:29

CWE-354

Zscaler

github.com

cve-2024-23461

zcc

macos

upgrade

zip bomb

denial of service

local execution of code

integrity check value

CVSS3

4.2

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:zscaler:client_connector:-:*:*:*:*:macos:*:*"
    ],
    "vendor": "zscaler",
    "product": "client_connector",
    "versions": [
      {
        "status": "affected",
        "version": "-",
        "lessThan": "3.4",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4

CVSS3

4.2

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-23461