7.8
CVE-2024-23460
- EPSS 0.13%
- Veröffentlicht 06.08.2024 16:15:47
- Zuletzt bearbeitet 07.08.2024 21:29:01
- Quelle cve@zscaler.com
- CVE-Watchlists
- Unerledigt
Incorrect signature validation of package
The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zscaler ≫ Client Connector SwPlatformmacos Version < 4.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.026 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cve@zscaler.com | 6.4 | 1.2 | 5.2 |
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
|
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2