CVE-2024-23457

CVE Database · CVE-2024-23457

CVE-2024-23457

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

0.20%

Published

May 1, 2024

Modified

Mar 2, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects Zscaler Client Connector on Windows prior to 4.2.0.209

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-269

Affected Products (1)

zscaler · client_connector (up to 4.2.0.209)vulnerable

References (2)

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023

Vendor AdvisoryRelease Notes

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023

Vendor AdvisoryRelease Notes

KEV Catalog EPSS Scores Vendors All CVEs