CVE-2020-11635 Zscaler Windows Client Connector Local Privilege Escalation Vulnerability
CVSS Base Score: 7.8
Affected: Zscaler Client Connector version 3.0.2 for Windows and prior.
Unaffected: Zscaler Client Connector version 3.1.0 for Windows and later.
The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.
Solution: This issue is fixed in Zscaler Client Connector version 3.1.0 for Windows and all later versions.
Acknowledgments: Zscaler thanks Richard Warren, Benjamin Dubost, Ceri Coburn (Pen Test Partners) for independently identifying and responsibly disclosing this vulnerability.
This incident has been resolved. Please contact Zscaler Support if you have additional questions.