Client Connector

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.

Published: 2024-05-06T18:31:21.217Z
Updated: 2024-08-28T19:09:06.995Z

An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2.

Published: 2024-08-06T15:30:51.851Z
Updated: 2024-08-06T18:08:53.764Z

The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later.

Published: 2024-03-26T14:23:20.100Z
Updated: 2024-08-05T14:40:13.211Z

A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2.

Published: 2024-05-01T16:27:35.730Z
Updated: 2024-08-01T23:06:24.712Z

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.This issue affects Client Connector on MacOS: before 3.4.

Published: 2024-05-02T13:11:38.955Z
Updated: 2024-08-01T23:06:24.159Z

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4.

Published: 2024-05-02T13:11:29.433Z
Updated: 2024-08-01T23:06:24.232Z

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2.

Published: 2024-08-06T15:29:26.050Z
Updated: 2024-08-06T20:06:58.896Z

An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten.This issue affects Zscaler Client Connector on Mac : before 3.7.

Published: 2024-05-02T13:11:19.436Z
Updated: 2024-08-01T23:06:24.598Z

When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.

Published: 2023-06-22T19:15:55.258Z
Updated: 2024-12-06T15:13:35.280Z

A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain.

Published: 2023-06-22T19:06:24.943Z
Updated: 2024-12-05T17:43:58.739Z

An out-of-bounds write to heap in the pacparser library on Zscaler Client Connector on Mac may lead to arbitrary code execution.

Published: 2024-05-02T13:10:31.933Z
Updated: 2024-08-02T13:51:38.162Z

Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges.

Published: 2023-10-23T13:24:49.584Z
Updated: 2025-02-27T20:40:03.972Z

The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition.

Published: 2023-10-23T13:22:51.537Z
Updated: 2024-09-11T14:32:14.147Z