VYPR
Unrated severityNVD Advisory· Published Mar 26, 2024· Updated Aug 5, 2024

Lack of input santization on Zscaler Client Connector enables arbitrary code execution

CVE-2023-41973

Description

ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.