How severe is CVE-2024-23460?

CVE-2024-23460 has a CVSS v3 score of 6.4 (MEDIUM).

CVE-2024-23460

Name: client_connector
Author: zscaler

6.4MEDIUM

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4

Publicado: 8/6/2024Atualizado: 8/7/2024

Descrição

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2.

Análise IADesenvolvido por IA

Produtos Afetados

zscalerclient_connector

Referências

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2
Vendor Advisory