How severe is CVE-2024-23460?

CVE-2024-23460 has a CVSS v3 score of 6.4 (MEDIUM).

CVE-2024-23460

Name: client_connector
Author: zscaler

6.4MEDIUM

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4

Veröffentlicht: 8/6/2024Aktualisiert: 8/7/2024

Beschreibung

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2.

KI-AnalyseKI-gestützt

Betroffene Produkte

zscalerclient_connector

Referenzen

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2
Vendor Advisory