PT-2023-12110 · Zscaler · Zscaler Client Connector

Thomas Chauchefoin

Publicado

2023-10-23

Atualizado

2023-10-27

CVE-2021-26737

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Zscaler Client Connector for macOS versions prior to 3.6

Description The Zscaler Client Connector for macOS did not sufficiently validate RPC clients, allowing a local adversary without sufficient privileges to potentially shutdown the Zscaler tunnel by exploiting a race condition.

Recommendations For versions prior to 3.6, update to version 3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the RPC client validation mechanism to minimize the risk of exploitation.

Correção

Origin Validation Error

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-346

Identificadores relacionados

CVE-2021-26737

Produtos afetados

Zscaler Client Connector

PT-2023-12110 · Zscaler · Zscaler Client Connector

CVE-2021-26737

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6