Skip to main content

Client Connector

24 CVEs product

Monthly

CVE-2024-23483 CRITICAL Act Now

An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Command Injection Client Connector
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-23464 MEDIUM This Month

In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Client Connector
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-23460 HIGH This Week

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Jwt Attack RCE Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23458 HIGH This Week

While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation.2.0.190. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23456 HIGH This Week

Anti-tampering can be disabled under certain conditions without signature validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Client Connector
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-3661 HIGH POC This Week

DHCP can add routes to a client’s routing table via the classless static route option (121). Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Forticlient Anyconnect Vpn Client Secure Client Globalprotect +5
NVD
CVSS 3.1
7.6
EPSS
4.1%
CVE-2024-23462 HIGH This Week

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Client Connector
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-23461 MEDIUM This Month

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Client Connector
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-23459 CRITICAL Act Now

An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Client Connector
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-23480 CRITICAL Act Now

A fallback mechanism in code sign checking on macOS may allow arbitrary code execution.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Jwt Attack RCE Client Connector
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-23457 HIGH This Week

The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23463 HIGH This Week

Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Microsoft Client Connector
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-23482 HIGH This Week

The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-28802 MEDIUM This Month

An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Client Connector
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-28794 MEDIUM This Month

Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse.3.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Client Connector
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-28805 CRITICAL Act Now

An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation.4.0.105. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Client Connector
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-28804 MEDIUM This Month

An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.4.0.105. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Client Connector
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-28803 MEDIUM This Month

An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass.9. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Client Connector
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-28797 HIGH This Week

Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Client Connector
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-28796 HIGH This Week

Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection.3.1.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28795 HIGH This Week

Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process.3.1.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28793 HIGH This Week

Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection.3.1.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Code Injection Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-28800 MEDIUM This Month

When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Client Connector
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-28799 MEDIUM This Month

A URL parameter during login flow was vulnerable to injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Client Connector
NVD
CVSS 3.1
6.1
EPSS
0.4%
EPSS 1% CVSS 9.8
CRITICAL Act Now

An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Command Injection Client Connector
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Client Connector
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Jwt Attack RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation.2.0.190. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Client Connector
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Anti-tampering can be disabled under certain conditions without signature validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Client Connector
NVD
EPSS 4% CVSS 7.6
HIGH POC This Week

DHCP can add routes to a client’s routing table via the classless static route option (121). Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Forticlient Anyconnect Vpn Client +7
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Client Connector
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Client Connector
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Client Connector
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A fallback mechanism in code sign checking on macOS may allow arbitrary code execution.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Jwt Attack RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Client Connector
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Microsoft Client Connector
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Client Connector
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Client Connector
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse.3.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Client Connector
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation.4.0.105. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Client Connector
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.4.0.105. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Client Connector
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass.9. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Client Connector
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Client Connector
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection.3.1.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Client Connector
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process.3.1.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Client Connector
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection.3.1.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Code Injection +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Client Connector
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A URL parameter during login flow was vulnerable to injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Client Connector
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy