CVE-2024-23458

Summary

CVE-2024-23458 is a local privilege escalation vulnerability affecting the Zscaler Client Connector on Windows versions below 4.2.0.190. The issue arises due to a missing reparse point check during the process of copying autoupdater log files. Malicious actors could exploit this vulnerability by crafting attacks, potentially gaining elevated system privileges. This flaw poses a significant security risk and requires immediate attention from users and administrators. It is strongly recommended that they upgrade to the latest version of the Zscaler Client Connector to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.