CVE-2023-41970

CVSS v3 6.0 MEDIUM

6.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.5 / Impact : 5.5

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

A

n Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.

References

Link	Resource
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1	Vendor Advisory Release Notes
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1	Vendor Advisory Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*

History

19 Feb 2026, 19:33

Type	Values Removed	Values Added
CPE		cpe:2.3:a:zscaler:client_connector::::::windows::*
References	~~() https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1 -~~	() https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1 - Vendor Advisory, Release Notes
First Time		Zscaler client Connector Zscaler

21 Nov 2024, 08:22

Type	Values Removed	Values Added
References	~~() https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1 -~~	() https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1 -

02 May 2024, 13:27

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-02 13:23

Updated : 2026-02-19 19:33

NVD link : CVE-2023-41970

Mitre link : CVE-2023-41970

CVE.ORG link : CVE-2023-41970

JSON object : View

Products Affected

client_connector

CWE

CWE-354

Improper Validation of Integrity Check Value

{"id": "CVE-2023-41970", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-05-02T13:23:06.003", "references": [{"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1", "tags": ["Vendor Advisory", "Release Notes"], "source": "[email protected]"}, {"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows&applicable_version=4.1", "tags": ["Vendor Advisory", "Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-354"}]}], "descriptions": [{"lang": "en", "value": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n incorrecta del valor de verificaci\u00f3n de integridad en Zscaler Client Connector en Windows durante la funcionalidad de la aplicaci\u00f3n de reparaci\u00f3n puede permitir la ejecuci\u00f3n local de c\u00f3digo. Este problema afecta a Client Connector en Windows: antes de 4.1.0.62."}], "lastModified": "2026-02-19T19:33:30.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "EEF79923-5219-4FB5-8EEA-C552D470C1F2", "versionEndExcluding": "4.1.0.62"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}