CVE-2023-28796 – IPC Bypass Through PLT Section in ELF
https://notcve.org/view.php?id=CVE-2023-28796
Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. La verificación incorrecta de la vulnerabilidad de Cryptographic Signature en Zscaler Client Connector en Linux permite la inyección de código. Este problema afecta a Zscaler Client Connector para Linux: versiones anteriores a 1.3.1.6. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-347: Improper Verification of Cryptographic Signature •
CVE-2023-28795 – Client IPC validation bypass
https://notcve.org/view.php?id=CVE-2023-28795
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. La vulnerabilidad de error de validación de origen en Zscaler Client Connector en Linux permite la inclusión de código en el proceso existente. Este problema afecta a Zscaler Client Connector para Linux: versiones anteriores a 1.3.1.6. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19 • CWE-346: Origin Validation Error •
CVE-2023-28793 – Heap Based Buffer Overflow in Library
https://notcve.org/view.php?id=CVE-2023-28793
Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. Una vulnerabilidad de desbordamiento de búfer en la librería signelf utilizada por Zscaler Client Connector en Linux permite la inyección de código. Este problema afecta a Zscaler Client Connector para Linux: versiones anteriores a 1.3.1.6. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-787: Out-of-bounds Write •
CVE-2021-26738 – Privilege Escalation for ZCC macOS via PATH Variable
https://notcve.org/view.php?id=CVE-2021-26738
Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges. Zscaler Client Connector para macOS anterior a 3.7 tenía una vulnerabilidad de ruta de búsqueda sin comillas a través de la variable PATH. Un adversario local puede ejecutar código con privilegios de root. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS&applicable_version=3.7&deployment_date=2022-08-19&id=1414851 • CWE-426: Untrusted Search Path •
CVE-2021-26737 – Privilege Escalation Using PID Reuse in ZCC macOS
https://notcve.org/view.php?id=CVE-2021-26737
The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition. Zscaler Client Connector para macOS anterior a 3.6 no validaba suficientemente los clientes RPC. Un adversario local sin privilegios suficientes podría cerrar el túnel Zscaler aprovechando una condición de ejecución. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS&applicable_version=3.6&deployment_date=2022-01-07&id=1388686 • CWE-346: Origin Validation Error •