The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2.
References
Configurations
History
07 Aug 2024, 21:29
Type | Values Removed | Values Added |
---|---|---|
First Time |
Zscaler client Connector
Zscaler |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | () https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2 - Vendor Advisory | |
Summary |
|
|
CPE | cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:* |
06 Aug 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-06 16:15
Updated : 2024-08-07 21:29
NVD link : CVE-2024-23460
Mitre link : CVE-2024-23460
CVE.ORG link : CVE-2024-23460
JSON object : View
Products Affected
zscaler
- client_connector
CWE
CWE-347
Improper Verification of Cryptographic Signature