CVE-2023-41970

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
ZscalerCNA
6 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1