Zscaler: >> Client Connector Security Vulnerabilities
Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-10-23
The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-10-23
Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-10-23
Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-10-23
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-10-23
Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-10-23
Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-10-23
An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-10-23
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105
CVSS Score
8.2
EPSS Score
0.0
Published
2023-10-23
An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105
CVSS Score
6.7
EPSS Score
0.001
Published
2023-10-23