CVE-2024-23462

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.This issue affects Client Connector on MacOS: before 3.4.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4	Vendor Advisory Release Notes
https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4	Vendor Advisory Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:*

History

No history.

Information

Published : 2024-05-02 13:23

Updated : 2026-02-17 19:06

NVD link : CVE-2024-23462

Mitre link : CVE-2024-23462

CVE.ORG link : CVE-2024-23462

JSON object : View

Products Affected

zscaler

client_connector

CWE

CWE-354

Improper Validation of Integrity Check Value

{"id": "CVE-2024-23462", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@zscaler.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-05-02T13:23:06.810", "references": [{"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4", "tags": ["Vendor Advisory", "Release Notes"], "source": "cve@zscaler.com"}, {"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4", "tags": ["Vendor Advisory", "Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@zscaler.com", "description": [{"lang": "en", "value": "CWE-354"}]}], "descriptions": [{"lang": "en", "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.This issue affects Client Connector on MacOS: before 3.4.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n inadecuada del valor de verificaci\u00f3n de integridad en Zscaler Client Connector en MacOS permite una denegaci\u00f3n de servicio del binario de Client Connector y, por lo tanto, elimina la funcionalidad del cliente. Este problema afecta a Client Connector en MacOS: versiones anteriores a 3.4."}], "lastModified": "2026-02-17T19:06:28.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "D7C568C1-31F0-4389-B291-8A73061E16B2", "versionEndExcluding": "3.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@zscaler.com"}