Unrated severityNVD Advisory· Published Mar 26, 2024· Updated Aug 5, 2024
Lack of input santization on Zscaler Client Connector enables arbitrary code execution
CVE-2023-41973
Description
ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later.
Affected products
1- Range: 0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.