Описание
The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition.
Ссылки
- Release Notes
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 3.6 (исключая)
cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:*
EPSS
Процентиль: 4%
0.00019
Низкий
5.5 Medium
CVSS3
4.7 Medium
CVSS3
Дефекты
CWE-346
CWE-346
Связанные уязвимости
CVSS3: 5.5
github
больше 2 лет назад
The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition.
EPSS
Процентиль: 4%
0.00019
Низкий
5.5 Medium
CVSS3
4.7 Medium
CVSS3
Дефекты
CWE-346
CWE-346