CVE-2020-11635 Zscaler Windows Client Connector Local Privilege Escalation Vulnerability

Posted on: Tue, 16 Feb 2021 Resolved on: Tue, 16 Feb 2021

Severity: High

CVSS Base Score: 7.8

 

Affected: Zscaler Client Connector version 3.0.2 for Windows and prior.

Unaffected: Zscaler Client Connector version 3.1.0 for Windows and later.

 

The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.

 

Solution: This issue is fixed in Zscaler Client Connector version 3.1.0 for Windows and all later versions.

 

Acknowledgments: Zscaler thanks Richard Warren, Benjamin Dubost, Ceri Coburn (Pen Test Partners) for independently identifying and responsibly disclosing this vulnerability.

 

This incident has been resolved. Please contact Zscaler Support if you have additional questions.

Zscaler.net ZscalerOne.net ZscalerTwo.net ZsCloud.net ZscalerThree.net Zscaler Private Access Zscalergov.net ZpaGov.net Zscaler Digital Experience
Security
Any Questions? Leave us feedback: trust-feedback@zscaler.com
© 2008-2018 Zscaler, Inc. All rights reserved.