Vulnerabilities > CVE-2024-23464 - Unspecified vulnerability in Zscaler Client Connector

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

zscaler

NVD

Published: 2024-08-06

Updated: 2024-08-07

Summary

In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2.1

Vulnerable Configurations

Part	Description	Count
Application	Zscaler Zscaler Client Connector - Zscaler Client Connector 2.1 Zscaler Client Connector 2.1.2 Zscaler Client Connector 2.1.2.81 Zscaler Client Connector 2.1.2.105 Zscaler Client Connector 2.1.2.112 Zscaler Client Connector 2.1.2.113 Zscaler Client Connector 3.1 Zscaler Client Connector 3.1.0 Zscaler Client Connector 3.1.0.111 Zscaler Client Connector 3.1.0.117 Zscaler Client Connector 3.1.0.129 Zscaler Client Connector 3.2 Zscaler Client Connector 3.2.0.87 Zscaler Client Connector 3.2.1.1 Zscaler Client Connector 3.4 Zscaler Client Connector 3.4.0.124 Zscaler Client Connector 3.4.1.4 Zscaler Client Connector 3.5 Zscaler Client Connector 3.5.0.108 Zscaler Client Connector 3.6 Zscaler Client Connector 3.6.1 Zscaler Client Connector 3.6.1.20 Zscaler Client Connector 3.6.1.23 Zscaler Client Connector 3.6.1.26 Zscaler Client Connector 3.7 Zscaler Client Connector 3.7.1 Zscaler Client Connector 3.9 Zscaler Client Connector 4.1 Zscaler Client Connector 4.1.0.82 Zscaler Client Connector 4.1.0.85 Zscaler Client Connector 4.1.0.89 Zscaler Client Connector 4.1.0.98 Zscaler Client Connector 4.1.0.102 Zscaler Client Connector 4.2 Zscaler Client Connector 4.2.0.149 Zscaler Client Connector 4.2.0.173	37

References

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.2.1