{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23461", "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "state": "PUBLISHED", "assignerShortName": "Zscaler", "dateReserved": "2024-01-17T15:15:47.221Z", "datePublished": "2024-05-02T13:11:29.433Z", "dateUpdated": "2024-06-04T17:45:51.383Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MacOS"], "product": "Client Connector", "vendor": "Zscaler", "versions": [{"lessThan": "3.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "LMCO Red Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.<p>This issue affects Client Connector on MacOS: before 3.4.</p>"}], "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4.\n\n"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-354", "description": "CWE-354 Improper Validation of Integrity Check Value", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "shortName": "Zscaler", "dateUpdated": "2024-05-02T13:11:29.433Z"}, "references": [{"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4"}], "source": {"discovery": "UNKNOWN"}, "title": "ZCC macOS Upgrade ZIP Bomb DoS", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23461", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-02T14:50:52.485749Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:zscaler:client_connector:-:*:*:*:*:macos:*:*"], "vendor": "zscaler", "product": "client_connector", "versions": [{"status": "affected", "version": "-", "lessThan": "3.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:45:51.383Z"}}]}}

{"descriptions": [{"lang": "en", "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n incorrecta del valor de verificaci\u00f3n de integridad en Zscaler Client Connector en MacOS durante el proceso de actualizaci\u00f3n puede permitir una ejecuci\u00f3n local de c\u00f3digo. Este problema afecta a Client Connector en MacOS: versiones anteriores a 3.4."}], "id": "CVE-2024-23461", "lastModified": "2024-05-02T13:27:25.103", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "cve@zscaler.com", "type": "Secondary"}]}, "published": "2024-05-02T13:23:06.567", "references": [{"source": "cve@zscaler.com", "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4"}], "sourceIdentifier": "cve@zscaler.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-354"}], "source": "cve@zscaler.com", "type": "Secondary"}]}

{}