CVE-2024-23460Improper Verification of Cryptographic Signature in Client Connector

CWE-347Improper Verification of Cryptographic Signature3 documents3 sources
Severity
7.8HIGHNVD
CNA6.4
EPSS
0.0%
top 92.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zscaler Client Connector
Timeline
PublishedAug 6

Description

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5zscaler/client_connector< 4.2

🔴Vulnerability Details

2
GHSA
GHSA-63rm-c268-28fh: The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed2024-08-06
CVEList
Incorrect signature validation of package2024-08-06
CVE-2024-23460 — Zscaler Client Connector vulnerability | cvebase