CVE-2023-41970 : An Improper Validation of Integrity Check Value vulnerability in Zscaler Client

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.

Published 2024-05-02 13:23:06

Updated 2024-05-02 13:27:25

Source Zscaler, Inc.

View at NVD, CVE.org

Products affected by CVE-2023-41970

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-41970

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 3 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-41970

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.0	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L	0.5	5.5	Zscaler, Inc.	2024-05-02
Attack Vector: Local Attack Complexity: High Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: Low

CWE ids for CVE-2023-41970

CWE-354 Improper Validation of Integrity Check Value

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

Assigned by: cve@zscaler.com (Secondary)

References for CVE-2023-41970

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1

Client Connector App Release Summary (2022) | Zscaler

Jump to

Vulnerability Details : CVE-2023-41970

Products affected by CVE-2023-41970

Exploit prediction scoring system (EPSS) score for CVE-2023-41970

CVSS scores for CVE-2023-41970

CWE ids for CVE-2023-41970

References for CVE-2023-41970