Zscaler Client Connector up to 3.3 on macOS integrity check
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.6 | $0-$5k | 0.00 |
Summary
A vulnerability identified as problematic has been detected in Zscaler Client Connector up to 3.3 on macOS. This vulnerability affects unknown code. The manipulation leads to integrity check. This vulnerability is traded as CVE-2024-23461. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.
Details
A vulnerability was found in Zscaler Client Connector up to 3.3 on macOS and classified as problematic. This issue affects some unknown functionality. The manipulation with an unknown input leads to a integrity check vulnerability. Using CWE to declare the problem leads to CWE-354. The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission. Impacted is availability. The summary by CVE is:
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4.
It is possible to read the advisory at help.zscaler.com. The identification of this vulnerability is CVE-2024-23461 since 01/17/2024. The exploitation is known to be difficult. The attack can only be initiated within the local network. Additional levels of successful authentication are needed for exploitation. The technical details are unknown and an exploit is not publicly available.
Upgrading to version 3.4 eliminates this vulnerability.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.6VulDB Meta Temp Score: 4.6
VulDB Base Score: 4.2
VulDB Temp Score: 4.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
CNA Base Score: 4.2
CNA Vector (Zscaler, Inc.): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Integrity checkCWE: CWE-354 / CWE-345
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Client Connector 3.4
Timeline
01/17/2024 🔍05/02/2024 🔍
05/02/2024 🔍
02/17/2026 🔍
Sources
Advisory: help.zscaler.comStatus: Confirmed
CVE: CVE-2024-23461 (🔍)
GCVE (CVE): GCVE-0-2024-23461
GCVE (VulDB): GCVE-100-262859
Entry
Created: 05/02/2024 15:39Updated: 02/17/2026 19:20
Changes: 05/02/2024 15:39 (63), 02/17/2026 19:20 (13)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.