CVE-2024-23459
Multiple Arbitrary Creates/Overwrites by link following
Severity Score
7.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten.This issue affects Zscaler Client Connector on Mac : before 3.7.
Una vulnerabilidad de resoluciĆ³n de enlace incorrecta antes del acceso al archivo ("siguiente enlace") en Zscaler Client Connector en Mac permite sobrescribir un archivo del sistema. Este problema afecta a Zscaler Client Connector en Mac: versiones anteriores a 3.7.
*Credits:
LMCO Red Team
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-01-17 CVE Reserved
- 2024-05-02 CVE Published
- 2024-05-03 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
- CAPEC-73: User-Controlled Filename
References (1)
URL | Tag | Source |
---|---|---|
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macos&applicable_version=3.7 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Zscaler Search vendor "Zscaler" | Client Connector Search vendor "Zscaler" for product "Client Connector" | < 3.7 Search vendor "Zscaler" for product "Client Connector" and version " < 3.7" | en |
Affected
|