CVE-2021-26737 — Origin Validation Error in Client Connector

CWE-346 — Origin Validation Error3 documents3 sources

Severity

4.7MEDIUMNVD

CNA5.5

EPSS

0.0%

top 94.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zscaler Client Connector

Timeline

PublishedOct 23

Description

The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5zscaler/client_connector< 3.6

▶NVDzscaler/client_connector< 3.6

🔴Vulnerability Details

CVEList

Privilege Escalation Using PID Reuse in ZCC macOS↗2023-10-23

▶

GHSA

GHSA-7x29-jh5v-6wwf: The Zscaler Client Connector for macOS prior to 3↗2023-10-23

▶