CVE-2024-23462Improper Validation of Integrity Check Value in Client Connector

CWE-354Improper Validation of Integrity Check Value3 documents3 sources
Severity
7.5HIGHNVD
CNA3.3
EPSS
0.1%
top 73.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zscaler Client Connector
Timeline
PublishedMay 2

Description

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.This issue affects Client Connector on MacOS: before 3.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5zscaler/client_connector< 3.4

🔴Vulnerability Details

2
CVEList
ZCC Mac validinstaller file integrity check missing2024-05-02
GHSA
GHSA-9c5h-6x6r-hvxh: An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector2024-05-02
CVE-2024-23462 — Zscaler Client Connector vulnerability | cvebase