CVE-2024-23461 — Improper Validation of Integrity Check Value in Client Connector

CWE-354 — Improper Validation of Integrity Check Value3 documents3 sources

Severity

5.5MEDIUMNVD

CNA4.2

EPSS

0.0%

top 84.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zscaler Client Connector

Timeline

PublishedMay 2

Description

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5zscaler/client_connector< 3.4

▶NVDzscaler/client_connector< 3.4

🔴Vulnerability Details

CVEList

ZCC macOS Upgrade ZIP Bomb DoS↗2024-05-02

▶

GHSA

GHSA-276f-6jm7-647m: An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execut↗2024-05-02

▶