CVE-2024-23464

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Aug 6, 2024
Updated: Aug 7, 2024
CWE ID 281

Summary

CVE-2024-23464 affects Zscaler Internet Access (ZIA) in Zscaler Client Connector for Windows in versions below 4.2.1. An attacker with admin rights can use PowerShell commands to disable ZIA, bypassing its security features and leaving the organization's internet traffic exposed to online threats, unauthorized access and data breaches. To mitigate this risk, organizations should update Zscaler Client Connector to the latest version as soon as possible.


Affected Products

  • Zscaler Client Connector

Affected Vendors

  • Zscaler