CVE-2024-23461

{"id": "CVE-2024-23461", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@zscaler.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-02T13:23:06.567", "references": [{"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4", "tags": ["Vendor Advisory", "Release Notes"], "source": "cve@zscaler.com"}, {"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4", "tags": ["Vendor Advisory", "Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@zscaler.com", "description": [{"lang": "en", "value": "CWE-354"}]}], "descriptions": [{"lang": "en", "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n incorrecta del valor de verificaci\u00f3n de integridad en Zscaler Client Connector en MacOS durante el proceso de actualizaci\u00f3n puede permitir una ejecuci\u00f3n local de c\u00f3digo. Este problema afecta a Client Connector en MacOS: versiones anteriores a 3.4."}], "lastModified": "2026-02-17T17:29:15.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "D7C568C1-31F0-4389-B291-8A73061E16B2", "versionEndExcluding": "3.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@zscaler.com"}