CVE-2021-26734

Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
ZscalerCNA
4.4 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
zscalerclient_connector
𝑥
< 3.4.0.124
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021
https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021