How severe is CVE-2024-23460?

CVE-2024-23460 has a CVSS v3 score of 6.4 (MEDIUM).

CVE-2024-23460

Name: client_connector
Author: zscaler

6.4MEDIUM

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4

Published: 8/6/2024Updated: 8/7/2024

Description

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2.

AI AnalysisPowered by AI

Affected Products

zscalerclient_connector

References

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2
Vendor Advisory