Vulnerabilities > Zscaler > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-06 CVE-2024-23456 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector
Anti-tampering can be disabled under certain conditions without signature validation.
network
low complexity
zscaler CWE-347
7.5
2024-08-06 CVE-2024-23458 Origin Validation Error vulnerability in Zscaler Client Connector
While copying individual autoupdater log files, a reparse point check was missing, which could result in crafted attacks, potentially leading to a local privilege escalation.
local
low complexity
zscaler CWE-346
7.8
2024-08-06 CVE-2024-23460 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector
The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed.
local
low complexity
zscaler CWE-347
7.8
2024-01-31 CVE-2023-28807 Improper Certificate Validation vulnerability in Zscaler Secure Internet and SaaS Access
In Zscaler Internet Access (ZIA), a mismatch between the Connect Host and the Client Hello's Server Name Indication (SNI) enables attackers to evade network security controls by hiding their communications within legitimate traffic.
network
low complexity
zscaler CWE-295
7.5
2023-10-23 CVE-2021-26735 Unquoted Search Path or Element vulnerability in Zscaler Client Connector
The Zscaler Client Connector Installer and Uninstallers for Windows prior to 3.6 had an unquoted search path vulnerability.
local
low complexity
zscaler CWE-428
7.8
2023-10-23 CVE-2021-26736 Path Traversal vulnerability in Zscaler Client Connector
Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path.
local
low complexity
zscaler CWE-22
7.8
2023-10-23 CVE-2021-26738 Untrusted Search Path vulnerability in Zscaler Client Connector 3.6
Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable.
local
low complexity
zscaler CWE-426
7.8
2023-10-23 CVE-2023-28793 Out-of-bounds Write vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1
Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection.
local
low complexity
zscaler CWE-787
7.8
2023-10-23 CVE-2023-28795 Origin Validation Error vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process.
local
low complexity
zscaler CWE-346
7.8
2023-10-23 CVE-2023-28796 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1
Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection.
local
low complexity
zscaler CWE-347
7.8