CVE-2024-23458 — Origin Validation Error in Client Connector

CWE-346 — Origin Validation Error3 documents3 sources

Severity

7.8HIGHNVD

CNA7.3

EPSS

0.0%

top 87.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zscaler Client Connector

Timeline

PublishedAug 6

Description

While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5zscaler/client_connector< 4.2.0.190

▶NVDzscaler/client_connector< 4.2.0.190

🔴Vulnerability Details

GHSA

GHSA-mr4g-jrgx-66c6: While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a loca↗2024-08-06

▶

CVEList

Local Privilege Escalation on Zscaler Client Connector on Windows↗2024-08-06

▶