CVE-2021-26738

Published: Oct 23, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges.

Affected (1)

Products: Zscaler: Client Connector

Zscaler

1 product

Client Connector

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zscaler Client Connector	Before 3.7

Related CWEs

CWE-426

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (2)

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS&applicable_version=3.7&deployment_date=2022-08-19&id=1414851

Source: cve@zscaler.com

Release Notes

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS&applicable_version=3.7&deployment_date=2022-08-19&id=1414851

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.