CVE-2020-11633
https://notcve.org/view.php?id=CVE-2020-11633
The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack-based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges. • https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2020?applicable_category=Windows&applicable_version=2.1.2.81 • CWE-787: Out-of-bounds Write
CVE-2020-11635
https://notcve.org/view.php?id=CVE-2020-11635
The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges. • https://trust.zscaler.com/posts/7316