CVE-2023-41970Improper Validation of Integrity Check Value in Client Connector

CWE-354Improper Validation of Integrity Check Value3 documents3 sources
Severity
7.8HIGHNVD
CNA6.0
EPSS
0.1%
top 83.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zscaler Client Connector
Timeline
PublishedMay 2

Description

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5zscaler/client_connector< 4.1.0.62
NVDzscaler/client_connector< 4.1.0.62

🔴Vulnerability Details

2
CVEList
Repair App local code execution with arbitrary privileges2024-05-02
GHSA
GHSA-2gg4-v645-j922: An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Loc2024-05-02
CVE-2023-41970 — Zscaler Client Connector vulnerability | cvebase