Vulnerability Details CVE-2024-23460
The Zscaler Updater process does not validate the digital signature of the installer before executing it, which allows arbitrary code to be executed locally. This affects Zscaler Client Connector on macOS versions before 4.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.2%
CVSS Severity
CVSS v3 Score 6.4
Products affected by CVE-2024-23460
- cpe:2.3:a:zscaler:client_connector:-
- cpe:2.3:a:zscaler:client_connector:3.6
- cpe:2.3:a:zscaler:client_connector:3.7
- cpe:2.3:a:zscaler:client_connector:3.7.0.182
- cpe:2.3:a:zscaler:client_connector:3.7.0.183
- cpe:2.3:a:zscaler:client_connector:3.7.1.42
- cpe:2.3:a:zscaler:client_connector:3.7.1.48
- cpe:2.3:a:zscaler:client_connector:3.7.1.49
- cpe:2.3:a:zscaler:client_connector:3.9
- cpe:2.3:a:zscaler:client_connector:3.9.0.81
- cpe:2.3:a:zscaler:client_connector:3.9.0.90
- cpe:2.3:a:zscaler:client_connector:3.9.0.95
- cpe:2.3:a:zscaler:client_connector:4.1