CVE-2024-23463: Time-of-check Time-of-use (TOCTOU) Race Condition in Client Connector

Severity
NVD: 8.1 HIGH
CNA: 8.8
EPSS: 0.1% (top 73.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 30

Description

Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to 4.2.1.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: zscaler/client_connector < 4.2.1

Vulnerability Details (2)

GHSA: GHSA-p7r9-xpgq-6hgj: Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality (2024-04-30)
CVEList: Anti-Tampering bypass via Repair App functionality (2024-04-30)
CVE-2024-23463 — Zscaler Client Connector vulnerability | cvebase