Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Client_connector
(Zscaler)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 27 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-05-06 | CVE-2024-3661 | DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. | Anyconnect_vpn_client, Secure_client, Secure_access_client, Big\-Ip_access_policy_manager, Forticlient, Globalprotect, Ipsec_mobile_vpn_client, Mobile_vpn_with_ssl, Client_connector | 7.6 | ||
| 2023-06-22 | CVE-2023-28799 | A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain. | Client_connector | 6.1 | ||
| 2023-06-22 | CVE-2023-28800 | When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. | Client_connector | 6.1 | ||
| 2023-10-23 | CVE-2021-26735 | The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges. | Client_connector | 7.8 | ||
| 2023-10-23 | CVE-2021-26734 | Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context. | Client_connector | 5.5 | ||
| 2023-10-23 | CVE-2021-26736 | Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges. | Client_connector | 7.8 | ||
| 2023-10-23 | CVE-2021-26737 | The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition. | Client_connector | 4.7 | ||
| 2023-10-23 | CVE-2021-26738 | Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges. | Client_connector | 7.8 | ||
| 2023-10-23 | CVE-2023-28793 | Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | Client_connector | 7.8 | ||
| 2023-10-23 | CVE-2023-28795 | Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | Client_connector | 7.8 |