Vulnerabilities > Zscaler

DATE CVE VULNERABILITY TITLE RISK
2024-08-06 CVE-2023-28806 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector
An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering.
network
low complexity
zscaler CWE-347
6.5
2024-08-06 CVE-2024-23456 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector
Anti-tampering can be disabled under certain conditions without signature validation.
network
low complexity
zscaler CWE-347
7.5
2024-08-06 CVE-2024-23458 Origin Validation Error vulnerability in Zscaler Client Connector
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation.
local
low complexity
zscaler CWE-346
7.8
2024-08-06 CVE-2024-23460 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector
The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed.
local
low complexity
zscaler CWE-347
7.8
2024-08-06 CVE-2024-23464 Unspecified vulnerability in Zscaler Client Connector
In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights.
network
low complexity
zscaler
4.9
2024-08-06 CVE-2024-23483 OS Command Injection vulnerability in Zscaler Client Connector
An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2.
network
low complexity
zscaler CWE-78
critical
9.8
2024-01-31 CVE-2023-28807 Improper Certificate Validation vulnerability in Zscaler Secure Internet and Saas Access
In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name Indication (SNI) enables attackers to evade network security controls by hiding their communications within legitimate traffic.
network
low complexity
zscaler CWE-295
7.5
2023-11-21 CVE-2023-28802 Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector
An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics.
network
low complexity
zscaler CWE-354
5.4
2023-11-06 CVE-2023-28794 Origin Validation Error vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse.
network
low complexity
zscaler CWE-346
6.5
2023-10-23 CVE-2021-26734 Unspecified vulnerability in Zscaler Client Connector
Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation.
local
low complexity
zscaler
5.5