How severe is CVE-2024-23460?

CVE-2024-23460 has a CVSS v3 score of 6.4 (MEDIUM).

CVE-2024-23460

Name: client_connector
Author: zscaler

6.4MEDIUM

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4

Publicado: 8/6/2024Actualizado: 8/7/2024

Descripción

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2.

Análisis IAImpulsado por IA

Productos Afectados

zscalerclient_connector

Referencias

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2
Vendor Advisory