CVE-2020-11633

The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ZscalerCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
zscalerclient_connector
𝑥
< 2.1.2.81
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2020?applicable_category=Windows&applicable_version=2.1.2.81
https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2020?applicable_category=Windows&applicable_version=2.1.2.81