Zscaler: >> Client Connector >> 3.4.1.4 Security Vulnerabilities
Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enabled.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-08-06
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190.
CVSS Score
7.3
EPSS Score
0.0
Published
2024-08-06
In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2.1
CVSS Score
7.2
EPSS Score
0.001
Published
2024-08-06
An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows <4.2.0.190.
CVSS Score
5.7
EPSS Score
0.0
Published
2024-08-06
An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149.
CVSS Score
4.9
EPSS Score
0.001
Published
2023-11-21
The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-10-23
Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-10-23
Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-10-23
An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-10-23
A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain.
CVSS Score
8.2
EPSS Score
0.001
Published
2023-06-22
Page 1