GCVE - cpe:2.3:a:zscaler:client_connector:-:*:*:*:*:windows:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zscaler:client_connector:-:*:*:*:*:windows:*:*

part: a version: - update: *

Vendor	Zscaler (`8b33ada7-550b-5f0e-9389-e0b74c251549`)
Product	Client Connector (`bb852fb1-4e37-50bb-bf86-92fbacf5703d`)
Edition	*
Language	*
Software edition	*
Target software	windows
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-3661`	vulnerable	2026-06-08 06:43:51.148438	DHCP routing options can manipulate interface-based VPN traffic HIGH (7.6) DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. Published: 2024-05-06T18:31:21.217Z Updated: 2024-08-28T19:09:06.995Z Open on db.gcve.eu Reference links https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://tunnelvisionbug.com/ https://www.leviathansecurity.com/research/tunnelvision https://news.ycombinator.com/item?id=40279632	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-23457`	vulnerable	2026-06-08 06:29:39.766022	Anti-tampering can be disabled with uninstall password enforced HIGH (7.8) The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects Zscaler Client Connector on Windows prior to 4.2.0.209 Published: 2024-05-01T16:26:11.546Z Updated: 2024-08-01T23:06:24.279Z Open on db.gcve.eu Reference links https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-41970`	vulnerable	2026-06-08 06:11:07.575829	Repair App local code execution with arbitrary privileges MEDIUM (6) An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62. Published: 2024-05-02T13:10:51.042Z Updated: 2024-08-02T19:09:49.453Z Open on db.gcve.eu Reference links https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.