Zscaler Client Connector — known CVE vulnerabilities
Every CVE whose affected-product data names Zscaler Client Connector, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (41)
CVE-2020-11633 — CVSS 9.8 (critical): The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers…
CVE-2024-23463 — CVSS 8.8 (high): Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App…
CVE-2023-28799 — CVSS 8.2 (high): A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would…
CVE-2023-28804 — CVSS 8.2 (high): An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue…
CVE-2023-28800 — CVSS 8.1 (high): When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing…
CVE-2020-11632 — CVSS 7.8 (high): The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code…
CVE-2020-11634 — CVSS 7.8 (high): The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A…
CVE-2020-11635 — CVSS 7.8 (high): The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with…
CVE-2021-26738 — CVSS 7.8 (high): Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be…
CVE-2023-28793 — CVSS 7.8 (high): Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects…
CVE-2023-28795 — CVSS 7.8 (high): Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects…
CVE-2024-23457 — CVSS 7.8 (high): The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is…
CVE-2024-23456 — CVSS 7.8 (high): Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with…
CVE-2024-3661 — CVSS 7.6 (high): DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on…
CVE-2024-23480 — CVSS 7.5 (high): A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on…
CVE-2023-41973 — CVSS 7.3 (high): ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends…
CVE-2024-23458 — CVSS 7.3 (high): While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially…
CVE-2023-41972 — CVSS 7.3 (high): In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed…
CVE-2023-41969 — CVSS 7.3 (high): An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end…
CVE-2024-23464 — CVSS 7.2 (high): In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client…
CVE-2024-23459 — CVSS 7.1 (high): An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to…
CVE-2023-28796 — CVSS 7.1 (high): Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue…
CVE-2024-23483 — CVSS 7.0 (high): An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler…
CVE-2024-23482 — CVSS 7.0 (high): The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac…
CVE-2021-26736 — CVSS 6.7 (medium): Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries…
CVE-2023-28805 — CVSS 6.7 (medium): An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client…
CVE-2021-26735 — CVSS 6.7 (medium): The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local…
CVE-2023-28798 — CVSS 6.5 (medium): An out-of-bounds write to heap in the pacparser library on Zscaler Client Connector on Mac may lead to arbitrary code execution.
CVE-2024-23460 — CVSS 6.4 (medium): The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be…
CVE-2023-28797 — CVSS 6.3 (medium): Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user…
CVE-2023-41970 — CVSS 6.0 (medium): An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality…
CVE-2023-28803 — CVSS 5.9 (medium): An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a…
CVE-2023-28806 — CVSS 5.7 (medium): An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This…
CVE-2021-26737 — CVSS 5.5 (medium): The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient…
CVE-2026-22569 — CVSS 5.4 (medium): An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from…
CVE-2023-41971 — CVSS 5.3 (medium): An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Windows allows a system file…
CVE-2023-28802 — CVSS 4.9 (medium): An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by…
CVE-2021-26734 — CVSS 4.4 (medium): Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A…
CVE-2023-28794 — CVSS 4.3 (medium): Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client…
CVE-2024-23461 — CVSS 4.2 (medium): An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a…
CVE-2024-23462 — CVSS 3.3 (low): An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client…