CVE-2023-41971

An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Windows allows a system file to be overwritten.This issue affects Client Connector on Windows: before 3.7.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021??applicable_category=windows&applicable_version=3.7
https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021??applicable_category=windows&applicable_version=3.7

Configurations

No configuration.

History

21 Nov 2024, 08:22

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de resolución de enlace incorrecta antes del acceso al archivo ("siguiente enlace") en Zscaler Client Connector en Windows permite sobrescribir un archivo del sistema. Este problema afecta a Client Connector en Windows: versiones anteriores a 3.7.
References	~~() https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021??applicable_category=windows&applicable_version=3.7 -~~	() https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021??applicable_category=windows&applicable_version=3.7 -

02 May 2024, 13:27

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-02 13:23

Updated : 2024-11-21 08:22

NVD link : CVE-2023-41971

Mitre link : CVE-2023-41971

CVE.ORG link : CVE-2023-41971

JSON object : View

Products Affected

No product.

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

5.3 /10