PT-2024-19879 · Zscaler · Zscaler Client Connector
Published: 2024-05-01 · Updated: 2026-03-02
CVE-2024-23457
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Zscaler Client Connector versions prior to 4.2.0.209
Description
The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced.
Recommendations
For versions prior to 4.2.0.209, update to version 4.2.0.209 or later to resolve the issue. As a temporary workaround, consider restricting access to the uninstall functionality until a patch is applied.
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Zscaler Client Connector