CVE-2024-23457 — Improper Privilege Management in Client Connector

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 65.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zscaler Client Connector

Timeline

PublishedMay 1

Description

The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects Zscaler Client Connector on Windows prior to 4.2.0.209

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5zscaler/client_connector< 4.2.0.209

▶NVDzscaler/client_connector< 4.2.0.209

🔴Vulnerability Details

GHSA

GHSA-rrr2-mvjv-hw48: The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced↗2024-05-01

▶

CVEList

Anti-tampering can be disabled with uninstall password enforced↗2024-05-01

▶