Zscaler: Security Vulnerabilities
The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-07-15
The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-07-15
The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges.
CVSS Score
9.8
EPSS Score
0.011
Published
2021-07-15
The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-02-16
Page 4