From 8c6076103007dd351a3e85c4c6883a58f5dc57c8 Mon Sep 17 00:00:00 2001 From: carel-v98 <109933205+carel-v98@users.noreply.github.com> Date: Wed, 1 May 2024 15:41:44 +0800 Subject: [PATCH] 20240501002-Zscaler-Client-Connector-Vulnerability (#691) * 20240501002-Zscaler-Client-Connector-Vulnerability * Format markdown docs --------- Co-authored-by: carel-v98 Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com> --- ...-Zscaler-Client-Connector-Vulnerability.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 docs/advisories/20240501002-Zscaler-Client-Connector-Vulnerability.md diff --git a/docs/advisories/20240501002-Zscaler-Client-Connector-Vulnerability.md b/docs/advisories/20240501002-Zscaler-Client-Connector-Vulnerability.md new file mode 100644 index 000000000..d6be7f6e4 --- /dev/null +++ b/docs/advisories/20240501002-Zscaler-Client-Connector-Vulnerability.md 
@@ -0,0 +1,21 @@ +# Zscaler Client Connector Vulnerability - 20240501002 + +## Overview + +Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to 4.2.1 + +## What is vulnerable? + +| CVE | Severity | CVSS | Product(s) Affected | +| --------------------------------------------------------------------- | -------- | ---- | ------------------------- | +| [**CVE-2024-23463**](https://nvd.nist.gov/vuln/detail/CVE-2024-23463) | **High** | 8.8 | **versions before 4.2.1** | + +## What has been observed? + +There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)): + +- [Zscaler Client Connector 4.3.0.151 Enhancements and Fixes](https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023)
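Review bot: The Recommendation link at the end of the hunk is titled "Zscaler Client Connector 4.3.0.151 Enhancements and Fixes" and points at the 2023 release summary, while the Overview and the table both put the fixed boundary at 4.2.1, so a reader cannot tell which version to deploy. Suggest stating the target version explicitly in the Recommendation, or linking the release note that covers the 4.2.1 fix. In the table, the "Product(s) Affected" cell reads only "versions before 4.2.1"; name the product and platform there (the Overview says Zscaler Client Connector on Windows) so the row stands on its own. Minor: the second Overview sentence has no full stop, and "within expected timeframe" should read "within the expected timeframe".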