PT-2023-12110 · Zscaler · Zscaler Client Connector

Thomas Chauchefoin

Published

2023-10-23

Updated

2023-10-27

CVE-2021-26737

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Zscaler Client Connector for macOS versions prior to 3.6

Description The Zscaler Client Connector for macOS did not sufficiently validate RPC clients, allowing a local adversary without sufficient privileges to potentially shutdown the Zscaler tunnel by exploiting a race condition.

Recommendations For versions prior to 3.6, update to version 3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the RPC client validation mechanism to minimize the risk of exploitation.

Fix

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-346

Related Identifiers

CVE-2021-26737

Affected Products

Zscaler Client Connector

PT-2023-12110 · Zscaler · Zscaler Client Connector

CVE-2021-26737

Weakness Enumeration

Related Identifiers

Affected Products

References · 6