CVE-2024-23464 — Improper Preservation of Permissions in Client Connector

CWE-281 — Improper Preservation of Permissions3 documents3 sources

Severity

4.9MEDIUMNVD

CNA7.2

EPSS

0.1%

top 79.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zscaler Client Connector

Timeline

PublishedAug 6

Description

In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2.1

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5zscaler/client_connector< 4.2.1

▶NVDzscaler/client_connector< 4.2.1

🔴Vulnerability Details

CVEList

Zscaler bypass with administrative privileges on Windows↗2024-08-06

▶

GHSA

GHSA-3hrv-ghrw-48w6: In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights↗2024-08-06

▶