CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26737 – Privilege Escalation Using PID Reuse in ZCC macOS
https://notcve.org/view.php?id=CVE-2021-26737
The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition. Zscaler Client Connector para macOS anterior a 3.6 no validaba suficientemente los clientes RPC. Un adversario local sin privilegios suficientes podría cerrar el túnel Zscaler aprovechando una condición de ejecución. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS&applicable_version=3.6&deployment_date=2022-01-07&id=1388686 • CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26736 – ZApp Installer Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-26736
Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges. Múltiples vulnerabilidades en Zscaler Client Connector Installer and Uninstaller para Windows anteriores a 3.6 permitían la ejecución de archivos binarios desde una ruta con pocos privilegios. Un adversario local puede ejecutar código con privilegios de SYSTEM. • https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26735 – Untrusted Search Path While Executing REG DELETE by Uninstaller
https://notcve.org/view.php?id=CVE-2021-26735
The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges. Zscaler Client Connector Installer and Unsintallers para Windows anteriores a 3.6 tenían una vulnerabilidad de ruta de búsqueda sin comillas. Un adversario local puede ejecutar código con privilegios de SYSTEM. • https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021 • CWE-346: Origin Validation Error CWE-428: Unquoted Search Path or Element •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26734 – Junction Delete leading to elevation of privilege
https://notcve.org/view.php?id=CVE-2021-26734
Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context. El instalador de Zscaler Client Connector en Windows anterior a la versión 3.4.0.124 manejaba incorrectamente las uniones de directorios durante la desinstalación. Un adversario local puede eliminar carpetas en un contexto elevado. • https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28801 – Improper SAML signature verification
https://notcve.org/view.php?id=CVE-2023-28801
An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation.This issue affects Admin UI: from 6.2 before 6.2r. • https://help.zscaler.com/zia/release-upgrade-summary-2023 • CWE-347: Improper Verification of Cryptographic Signature •