CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11634
https://notcve.org/view.php?id=CVE-2020-11634
The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context. El Zscaler Client Connector para Windows anterior a versión 2.1.2.105, presentaba una vulnerabilidad de secuestro DLL causada debido a la configuración de OpenSSL. Un adversario local puede ser capaz de ejecutar código arbitrario en el contexto SYSTEM • https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2020?applicable_category=Windows&applicable_version=2.1.2.105 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11632
https://notcve.org/view.php?id=CVE-2020-11632
The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. El Zscaler Client Connector anterior a versión 2.1.2.150, no citaba la ruta de búsqueda de servicios, lo que permite a un adversario local ejecutar código con privilegios del sistema • https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2020?applicable_category=Windows&applicable_version=2.1.2.105 • CWE-428: Unquoted Search Path or Element •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11633
https://notcve.org/view.php?id=CVE-2020-11633
The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges. El Zscaler Client Connector para Windows anterior a versión 2.1.2.74, presentaba un desbordamiento de búfer en la región stack de la memoria cuando se conectaba a servidores TLS mal configurados. Un adversario podría potencialmente haber podido ejecutar código arbitrario con privilegios del sistema • https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2020?applicable_category=Windows&applicable_version=2.1.2.81 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11635
https://notcve.org/view.php?id=CVE-2020-11635
The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges. Zscaler Client Connector versiones anteriores a 3.1.0, no comprobaba suficientemente los clientes RPC, lo que permite a un adversario local ejecutar código con privilegios system o llevar a cabo acciones limitadas para las que no tenía privilegios • https://trust.zscaler.com/posts/7316 •