CVE-2021-26735 — Origin Validation Error in Client Connector

CWE-346 — Origin Validation Error CWE-428 — Unquoted Search Path or Element3 documents3 sources

Severity

7.8HIGHNVD

CNA6.7

EPSS

0.0%

top 88.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zscaler Client Connector

Timeline

PublishedOct 23

Description

The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5zscaler/client_connector< 3.6

▶NVDzscaler/client_connector< 3.6

🔴Vulnerability Details

CVEList

Untrusted Search Path While Executing REG DELETE by Uninstaller↗2023-10-23

▶

GHSA

GHSA-j8g4-qgjp-w2g8: The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3↗2023-10-23

▶