
CVE-2024-31127 – MacOS Zscaler Client Connector Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-31127
04 Jun 2025 — An improper verification of a loaded library in Zscaler Client Connector on Mac < 4.2.0.241 may allow a local attacker to elevate their privileges. • https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2023?applicable_category=macOS&applicable_version=4.2&deployment_date=2023-12-14 • CWE-346: Origin Validation Error •

CVE-2023-28806 – Signature validation error in DLL allows disabling anti-tampering protection
https://notcve.org/view.php?id=CVE-2023-28806
06 Aug 2024 — An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows <4.2.0.190. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190 • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2024-23483 – Local Privilege Escalation via lack of input validation
https://notcve.org/view.php?id=CVE-2024-23483
06 Aug 2024 — An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2 • CWE-20: Improper Input Validation •

CVE-2024-23460 – Incorrect signature validation of package
https://notcve.org/view.php?id=CVE-2024-23460
06 Aug 2024 — The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2 • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2024-23464 – Zscaler bypass with administrative privileges on Windows
https://notcve.org/view.php?id=CVE-2024-23464
06 Aug 2024 — In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2.1. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.2.1 • CWE-281: Improper Preservation of Permissions •

CVE-2024-23458 – Local Privilege Escalation on Zscaler Client Connector on Windows
https://notcve.org/view.php?id=CVE-2024-23458
06 Aug 2024 — A reparse point check was missing while copying individual autoupdater log files, which could allow crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190 • CWE-346: Origin Validation Error •

CVE-2024-23456 – Signature validation issue leads to Anti-Tampering bypass
https://notcve.org/view.php?id=CVE-2024-23456
06 Aug 2024 — Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enabled. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190 • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2024-23462 – ZCC Mac validinstaller file integrity check missing
https://notcve.org/view.php?id=CVE-2024-23462
02 May 2024 — An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality. This issue affects Client Connector on MacOS: before 3.4. • https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4 • CWE-354: Improper Validation of Integrity Check Value •

CVE-2024-23461 – ZCC macOS Upgrade ZIP Bomb DoS
https://notcve.org/view.php?id=CVE-2024-23461
02 May 2024 — An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code. This issue affects Client Connector on MacOS: before 3.4. • https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4 • CWE-354: Improper Validation of Integrity Check Value •

CVE-2024-23459 – Multiple Arbitrary Creates/Overwrites by link following
https://notcve.org/view.php?id=CVE-2024-23459
02 May 2024 — An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten. This issue affects Zscaler Client Connector on Mac: before 3.7. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macos&applicable_version=3.7 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •