Lucene search
ZscalerVULNRICHMENT:CVE-2024-23480HistoryMay 01, 2024 - 4:27 p.m.
CVE-2024-23480 Insecure MacOS code sign check fallback
2024-05-0116:27:35
CWE-347
Zscaler
github.com
cve-2024-23480
insecure
macos
zscaler client connector
7.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
7.5 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.0%
A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Client Connector",
"vendor": "Zscaler",
"versions": [
{
"lessThan": "4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
cvelist
cvelist
CVE-2024-23480 Insecure MacOS code sign check fallback
2024-05-01 16:27:35
nvd
nvd
CVE-2024-23480
2024-05-01 17:15:29
cve
cve
CVE-2024-23480
2024-05-01 17:15:29
7.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
7.5 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.0%
Related for VULNRICHMENT:CVE-2024-23480