CVE-2024-23457

EUVD-2024-20955
The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects Zscaler Client Connector on Windows prior to 4.2.0.209
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
zscalerclient_connector
𝑥
< 4.2.0.209
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
zscalerclient_connector
𝑥
< 4.2.0.209
ADP
Common Weakness Enumeration
References
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023