CVE-2023-41970 - Vulnerability Details - OpenCVE

Description

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.

Published: 2024-05-02

Score: 6 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Zscaler

Client Connector

unaffected

Version	Status	Constraints
`0`	affected	< 4.1.0.62

Configuration 1 [-]

cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-46429	An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00054.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1

History

Thu, 19 Feb 2026 19:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:zscaler:client_connector::::::windows::*

Subscriptions

Zscaler Client Connector

MITRE

Status: PUBLISHED

Assigner: Zscaler

Published: 2024-05-02T13:10:51.042Z

Updated: 2024-08-02T19:09:49.453Z

Reserved: 2023-09-06T17:14:12.958Z

Link: CVE-2023-41970

Vulnrichment

Updated: 2024-05-02T16:51:08.763Z

NVD

Status : Analyzed

Published: 2024-05-02T13:23:06.003

Modified: 2026-02-19T19:33:30.827

Link: CVE-2023-41970

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-354

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41970", "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "state": "PUBLISHED", "assignerShortName": "Zscaler", "dateReserved": "2023-09-06T17:14:12.958Z", "datePublished": "2024-05-02T13:10:51.042Z", "dateUpdated": "2024-08-02T19:09:49.453Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Client Connector", "vendor": "Zscaler", "versions": [{"lessThan": "4.1.0.62", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.<p>This issue affects Client Connector on Windows: before 4.1.0.62.</p>"}], "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.\n\n"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-354", "description": "CWE-354 Improper Validation of Integrity Check Value", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "shortName": "Zscaler", "dateUpdated": "2024-05-02T13:10:51.042Z"}, "references": [{"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1"}], "source": {"discovery": "UNKNOWN"}, "title": "Repair App local code execution with arbitrary privileges", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41970", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-02T16:50:16.387171Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:zscaler:client_connector:-:*:*:*:*:windows:*:*"], "vendor": "zscaler", "product": "client_connector", "versions": [{"status": "affected", "version": "0", "lessThan": "4.1.0.62", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:21:59.125Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:09:49.453Z"}, "title": "CVE Program Container", "references": [{"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41970", "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "state": "PUBLISHED", "assignerShortName": "Zscaler", "dateReserved": "2023-09-06T17:14:12.958Z", "datePublished": "2024-05-02T13:10:51.042Z", "dateUpdated": "2024-06-04T17:21:59.125Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Client Connector", "vendor": "Zscaler", "versions": [{"lessThan": "4.1.0.62", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.<p>This issue affects Client Connector on Windows: before 4.1.0.62.</p>"}], "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.\n\n"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-354", "description": "CWE-354 Improper Validation of Integrity Check Value", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "shortName": "Zscaler", "dateUpdated": "2024-05-02T13:10:51.042Z"}, "references": [{"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1"}], "source": {"discovery": "UNKNOWN"}, "title": "Repair App local code execution with arbitrary privileges", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41970", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-02T16:50:16.387171Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:zscaler:client_connector:-:*:*:*:*:windows:*:*"], "vendor": "zscaler", "product": "client_connector", "versions": [{"status": "affected", "version": "0", "lessThan": "4.1.0.62", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-02T16:51:08.763Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*", "matchCriteriaId": "EEF79923-5219-4FB5-8EEA-C552D470C1F2", "versionEndExcluding": "4.1.0.62", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n incorrecta del valor de verificaci\u00f3n de integridad en Zscaler Client Connector en Windows durante la funcionalidad de la aplicaci\u00f3n de reparaci\u00f3n puede permitir la ejecuci\u00f3n local de c\u00f3digo. Este problema afecta a Client Connector en Windows: antes de 4.1.0.62."}], "id": "CVE-2023-41970", "lastModified": "2026-02-19T19:33:30.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.5, "source": "cve@zscaler.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-02T13:23:06.003", "references": [{"source": "cve@zscaler.com", "tags": ["Vendor Advisory", "Release Notes"], "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory", "Release Notes"], "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1"}], "sourceIdentifier": "cve@zscaler.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-354"}], "source": "cve@zscaler.com", "type": "Secondary"}]}