{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23462", "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "state": "PUBLISHED", "assignerShortName": "Zscaler", "dateReserved": "2024-01-17T15:15:47.221Z", "datePublished": "2024-05-02T13:11:38.955Z", "dateUpdated": "2024-08-01T23:06:24.159Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MacOS"], "product": "Client Connector", "vendor": "Zscaler", "versions": [{"lessThan": "3.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "LMCO Red Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.<p>This issue affects Client Connector on MacOS: before 3.4.</p>"}], "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.This issue affects Client Connector on MacOS: before 3.4.\n\n"}], "impacts": [{"capecId": "CAPEC-207", "descriptions": [{"lang": "en", "value": "CAPEC-207 Removing Important Client Functionality"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-354", "description": "CWE-354 Improper Validation of Integrity Check Value", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "shortName": "Zscaler", "dateUpdated": "2024-05-02T13:11:38.955Z"}, "references": [{"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4"}], "source": {"discovery": "UNKNOWN"}, "title": "ZCC Mac validinstaller file integrity check missing", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-17T15:08:26.220457Z", "id": "CVE-2024-23462", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T15:08:35.249Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:24.159Z"}, "title": "CVE Program Container", "references": [{"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:24.159Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23462", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-17T15:08:26.220457Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T15:08:31.152Z"}}], "cna": {"title": "ZCC Mac validinstaller file integrity check missing", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "LMCO Red Team"}], "impacts": [{"capecId": "CAPEC-207", "descriptions": [{"lang": "en", "value": "CAPEC-207 Removing Important Client Functionality"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zscaler", "product": "Client Connector", "versions": [{"status": "affected", "version": "0", "lessThan": "3.4", "versionType": "custom"}], "platforms": ["MacOS"], "defaultStatus": "unaffected"}], "references": [{"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.This issue affects Client Connector on MacOS: before 3.4.\n\n", "supportingMedia": [{"type": "text/html", "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.<p>This issue affects Client Connector on MacOS: before 3.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-354", "description": "CWE-354 Improper Validation of Integrity Check Value"}]}], "providerMetadata": {"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "shortName": "Zscaler", "dateUpdated": "2024-05-02T13:11:38.955Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23462", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:06:24.159Z", "dateReserved": "2024-01-17T15:15:47.221Z", "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "datePublished": "2024-05-02T13:11:38.955Z", "assignerShortName": "Zscaler"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.This issue affects Client Connector on MacOS: before 3.4.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n inadecuada del valor de verificaci\u00f3n de integridad en Zscaler Client Connector en MacOS permite una denegaci\u00f3n de servicio del binario de Client Connector y, por lo tanto, elimina la funcionalidad del cliente. Este problema afecta a Client Connector en MacOS: versiones anteriores a 3.4."}], "id": "CVE-2024-23462", "lastModified": "2024-05-02T13:27:25.103", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cve@zscaler.com", "type": "Secondary"}]}, "published": "2024-05-02T13:23:06.810", "references": [{"source": "cve@zscaler.com", "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4"}], "sourceIdentifier": "cve@zscaler.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-354"}], "source": "cve@zscaler.com", "type": "Secondary"}]}

{}