CVE-2024-23463

Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to 4.2.1

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023	Vendor Advisory Release Notes
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023	Vendor Advisory Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*

History

No history.

Information

Published : 2024-04-30 17:15

Updated : 2026-03-02 19:37

NVD link : CVE-2024-23463

Mitre link : CVE-2024-23463

CVE.ORG link : CVE-2024-23463

JSON object : View

Products Affected

zscaler

client_connector

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

{"id": "CVE-2024-23463", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@zscaler.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2024-04-30T17:15:46.383", "references": [{"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023", "tags": ["Vendor Advisory", "Release Notes"], "source": "cve@zscaler.com"}, {"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023", "tags": ["Vendor Advisory", "Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@zscaler.com", "description": [{"lang": "en", "value": "CWE-367"}]}], "descriptions": [{"lang": "en", "value": "Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to 4.2.1\n"}, {"lang": "es", "value": "La protecci\u00f3n antimanipulaci\u00f3n del Zscaler Client Connector se puede omitir bajo ciertas condiciones al ejecutar la funcionalidad de la aplicaci\u00f3n de reparaci\u00f3n. Esto afecta a Zscaler Client Connector en Windows anteriores a 4.2.1"}], "lastModified": "2026-03-02T19:37:01.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "2D2DCA8F-AE47-4F23-A0F0-E72721B13BDE", "versionEndExcluding": "4.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@zscaler.com"}