CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-23458

While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 2.5%

CVSS Severity

CVSS v3 Score 7.3

References

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190

Products affected by CVE-2024-23458

Zscaler » Client Connector » Version: N/A

cpe:2.3:a:zscaler:client_connector:-
Zscaler » Client Connector » Version: 2.1

cpe:2.3:a:zscaler:client_connector:2.1
Zscaler » Client Connector » Version: 2.1.2

cpe:2.3:a:zscaler:client_connector:2.1.2
Zscaler » Client Connector » Version: 2.1.2.105

cpe:2.3:a:zscaler:client_connector:2.1.2.105
Zscaler » Client Connector » Version: 2.1.2.112

cpe:2.3:a:zscaler:client_connector:2.1.2.112
Zscaler » Client Connector » Version: 2.1.2.113

cpe:2.3:a:zscaler:client_connector:2.1.2.113
Zscaler » Client Connector » Version: 2.1.2.81

cpe:2.3:a:zscaler:client_connector:2.1.2.81
Zscaler » Client Connector » Version: 3.1

cpe:2.3:a:zscaler:client_connector:3.1
Zscaler » Client Connector » Version: 3.1.0

cpe:2.3:a:zscaler:client_connector:3.1.0
Zscaler » Client Connector » Version: 3.1.0.111

cpe:2.3:a:zscaler:client_connector:3.1.0.111
Zscaler » Client Connector » Version: 3.1.0.117

cpe:2.3:a:zscaler:client_connector:3.1.0.117
Zscaler » Client Connector » Version: 3.1.0.129

cpe:2.3:a:zscaler:client_connector:3.1.0.129
Zscaler » Client Connector » Version: 3.2

cpe:2.3:a:zscaler:client_connector:3.2
Zscaler » Client Connector » Version: 3.2.0.87

cpe:2.3:a:zscaler:client_connector:3.2.0.87
Zscaler » Client Connector » Version: 3.2.1.1

cpe:2.3:a:zscaler:client_connector:3.2.1.1
Zscaler » Client Connector » Version: 3.4

cpe:2.3:a:zscaler:client_connector:3.4
Zscaler » Client Connector » Version: 3.4.0.124

cpe:2.3:a:zscaler:client_connector:3.4.0.124
Zscaler » Client Connector » Version: 3.4.1.4

cpe:2.3:a:zscaler:client_connector:3.4.1.4
Zscaler » Client Connector » Version: 3.5

cpe:2.3:a:zscaler:client_connector:3.5
Zscaler » Client Connector » Version: 3.5.0.108

cpe:2.3:a:zscaler:client_connector:3.5.0.108
Zscaler » Client Connector » Version: 3.6

cpe:2.3:a:zscaler:client_connector:3.6
Zscaler » Client Connector » Version: 3.6.1

cpe:2.3:a:zscaler:client_connector:3.6.1
Zscaler » Client Connector » Version: 3.6.1.20

cpe:2.3:a:zscaler:client_connector:3.6.1.20
Zscaler » Client Connector » Version: 3.6.1.23

cpe:2.3:a:zscaler:client_connector:3.6.1.23
Zscaler » Client Connector » Version: 3.6.1.26

cpe:2.3:a:zscaler:client_connector:3.6.1.26
Zscaler » Client Connector » Version: 3.7

cpe:2.3:a:zscaler:client_connector:3.7
Zscaler » Client Connector » Version: 3.7.1

cpe:2.3:a:zscaler:client_connector:3.7.1
Zscaler » Client Connector » Version: 3.9

cpe:2.3:a:zscaler:client_connector:3.9
Zscaler » Client Connector » Version: 4.1

cpe:2.3:a:zscaler:client_connector:4.1
Zscaler » Client Connector » Version: 4.1.0.102

cpe:2.3:a:zscaler:client_connector:4.1.0.102
Zscaler » Client Connector » Version: 4.1.0.82

cpe:2.3:a:zscaler:client_connector:4.1.0.82
Zscaler » Client Connector » Version: 4.1.0.85

cpe:2.3:a:zscaler:client_connector:4.1.0.85
Zscaler » Client Connector » Version: 4.1.0.89

cpe:2.3:a:zscaler:client_connector:4.1.0.89
Zscaler » Client Connector » Version: 4.1.0.98

cpe:2.3:a:zscaler:client_connector:4.1.0.98
Zscaler » Client Connector » Version: 4.2

cpe:2.3:a:zscaler:client_connector:4.2
Zscaler » Client Connector » Version: 4.2.0.149

cpe:2.3:a:zscaler:client_connector:4.2.0.149
Zscaler » Client Connector » Version: 4.2.0.173

cpe:2.3:a:zscaler:client_connector:4.2.0.173

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-23458

Products

Pricing

Contact Us