CVE-2023-41973 — Path Traversal in Client Connector

CWE-22 — Path Traversal4 documents4 sources

Severity

7.8HIGHNVD

CNA7.3

EPSS

0.1%

top 82.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zscaler Client Connector

Timeline

PublishedMar 26

Description

ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5zscaler/client_connector< 4.3.0.121

▶NVDzscaler/client_connector< 4.3.0.121

🔴Vulnerability Details

CVEList

Lack of input santization on Zscaler Client Connector enables arbitrary code execution↗2024-03-26

▶

GHSA

GHSA-9q9g-6mgq-4cf7: ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName t↗2024-03-26

▶

📋Vendor Advisories

Oracle

Oracle Oracle JD Edwards Risk Matrix: Interoperability SEC (Apache Mina) — CVE-2021-41973↗2023-04-15

▶