Zscaler Client Connector 3.2 for Windows

CPE Details

Zscaler Client Connector 3.2 for Windows
zscaler
client_connector
3.2
2023-06-30
12h40 +00:00
2023-06-30
14h38 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:zscaler:client_connector:3.2:*:*:*:*:windows:*:*

Informations

Vendor

zscaler

Product

client_connector

Version

3.2

Target Software

windows

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-28806 2024-08-06 15h41 +00:00 An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows <4.2.0.190.
6.5
Medium
CVE-2024-23464 2024-08-06 15h24 +00:00 In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2.1
7.2
High
CVE-2024-23458 2024-08-06 15h22 +00:00 While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190.
7.8
High
CVE-2024-23456 2024-08-06 15h21 +00:00 Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enabled.
7.8
High
CVE-2023-28802 2023-11-21 10h51 +00:00 An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149.
5.4
Medium
CVE-2023-28803 2023-10-23 13h32 +00:00 An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.
6.5
Medium
CVE-2023-28797 2023-10-23 13h30 +00:00 Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.
7.3
High
CVE-2021-26736 2023-10-23 13h21 +00:00 Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.
7.8
High
CVE-2021-26735 2023-10-23 13h19 +00:00 The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.
7.8
High
CVE-2021-26734 2023-10-23 13h18 +00:00 Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context.
5.5
Medium
CVE-2023-28800 2023-06-22 19h15 +00:00 When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.
8.1
High
CVE-2023-28799 2023-06-22 19h06 +00:00 A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain.
8.2
High