PT-2021-3987 · Zscaler · Zscaler Client Connector

Published: 2021-07-15 · Updated: 2021-07-27 · CVE-2020-11634

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zscaler Client Connector versions prior to 2.1.2.105

Description

The issue is caused by a DLL hijacking vulnerability due to the configuration of OpenSSL. This may allow a local adversary to execute arbitrary code in the SYSTEM context.

Recommendations

For versions prior to 2.1.2.105, update to version 2.1.2.105 or later to resolve the issue. As a temporary workaround, consider restricting access to the SYSTEM context to minimize the risk of exploitation.

Fix

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

BDU:2021-04508
CVE-2020-11634

Affected Products

Zscaler Client Connector