{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23461", "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "state": "PUBLISHED", "assignerShortName": "Zscaler", "dateReserved": "2024-01-17T15:15:47.221Z", "datePublished": "2024-05-02T13:11:29.433Z", "dateUpdated": "2024-08-01T23:06:24.232Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MacOS"], "product": "Client Connector", "vendor": "Zscaler", "versions": [{"lessThan": "3.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "LMCO Red Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.<p>This issue affects Client Connector on MacOS: before 3.4.</p>"}], "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4.\n\n"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-354", "description": "CWE-354 Improper Validation of Integrity Check Value", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "shortName": "Zscaler", "dateUpdated": "2024-05-02T13:11:29.433Z"}, "references": [{"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4"}], "source": {"discovery": "UNKNOWN"}, "title": "ZCC macOS Upgrade ZIP Bomb DoS", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23461", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-02T14:50:52.485749Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:zscaler:client_connector:-:*:*:*:*:macos:*:*"], "vendor": "zscaler", "product": "client_connector", "versions": [{"status": "affected", "version": "-", "lessThan": "3.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:45:51.383Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:24.232Z"}, "title": "CVE Program Container", "references": [{"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:24.232Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23461", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-02T14:50:52.485749Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:zscaler:client_connector:-:*:*:*:*:macos:*:*"], "vendor": "zscaler", "product": "client_connector", "versions": [{"status": "affected", "version": "-", "lessThan": "3.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-02T14:58:32.215Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "ZCC macOS Upgrade ZIP Bomb DoS", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "LMCO Red Team"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zscaler", "product": "Client Connector", "versions": [{"status": "affected", "version": "0", "lessThan": "3.4", "versionType": "custom"}], "platforms": ["MacOS"], "defaultStatus": "unaffected"}], "references": [{"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4.\n\n", "supportingMedia": [{"type": "text/html", "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.<p>This issue affects Client Connector on MacOS: before 3.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-354", "description": "CWE-354 Improper Validation of Integrity Check Value"}]}], "providerMetadata": {"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "shortName": "Zscaler", "dateUpdated": "2024-05-02T13:11:29.433Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23461", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:06:24.232Z", "dateReserved": "2024-01-17T15:15:47.221Z", "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "datePublished": "2024-05-02T13:11:29.433Z", "assignerShortName": "Zscaler"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:*", "matchCriteriaId": "D7C568C1-31F0-4389-B291-8A73061E16B2", "versionEndExcluding": "3.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n incorrecta del valor de verificaci\u00f3n de integridad en Zscaler Client Connector en MacOS durante el proceso de actualizaci\u00f3n puede permitir una ejecuci\u00f3n local de c\u00f3digo. Este problema afecta a Client Connector en MacOS: versiones anteriores a 3.4."}], "id": "CVE-2024-23461", "lastModified": "2026-02-17T17:29:15.907", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "cve@zscaler.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-02T13:23:06.567", "references": [{"source": "cve@zscaler.com", "tags": ["Vendor Advisory", "Release Notes"], "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory", "Release Notes"], "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4"}], "sourceIdentifier": "cve@zscaler.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-354"}], "source": "cve@zscaler.com", "type": "Secondary"}]}

{}

{"created": "2025-07-12T15:42:39.484736+00:00", "updated": "2025-07-12T15:42:39.484787+00:00", "vendors": ["zscaler", "zscaler$PRODUCT$client_connector"]}