CVE-2024-23483Improper Input Validation in Client Connector

CWE-20Improper Input ValidationCWE-78OS Command Injection3 documents3 sources
Severity
9.8CRITICALNVD
CNA7.0
EPSS
0.4%
top 39.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zscaler Client Connector
Timeline
PublishedAug 6

Description

An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5zscaler/client_connector< 4.2

🔴Vulnerability Details

2
CVEList
Local Privilege Escalation via lack of input validation2024-08-06
GHSA
GHSA-cj7q-2c3r-w7p4: An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection2024-08-06
CVE-2024-23483 — Improper Input Validation | cvebase