VYPR

Zscaler Client Connector Installer

by Zscaler

CVEs (8)

  • CVE-2020-11633CriJul 15, 2021
    risk 0.64cvss 9.8epss 0.02

    The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges.

  • CVE-2020-11634HigJul 15, 2021
    risk 0.51cvss 7.8epss 0.00

    The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context.

  • CVE-2020-11632HigJul 15, 2021
    risk 0.51cvss 7.8epss 0.00

    The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges.

  • CVE-2020-11635HigFeb 16, 2021
    risk 0.51cvss 7.8epss 0.00

    The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.

  • CVE-2024-23464HigAug 6, 2024
    risk 0.47cvss 7.2epss 0.00

    In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2.1

  • CVE-2021-26736MedOct 23, 2023
    risk 0.44cvss 6.7epss 0.00

    Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.

  • CVE-2021-26735MedOct 23, 2023
    risk 0.44cvss 6.7epss 0.00

    The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.

  • CVE-2025-54983MedNov 12, 2025
    risk 0.34cvss 5.2epss 0.00

    A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls.