CVE-2024-23460

CVE Database · CVE-2024-23460

CVE-2024-23460

· MEDIUMAnalyzed

CVSS v3.1

6.4

EPSS

0.13%

Published

Aug 6, 2024

Modified

Aug 7, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2.

CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Weaknesses (CWE)

CWE-347CWE-347

Affected Products (1)

zscaler · client_connector (up to 4.2)vulnerable

References (1)

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs