CVE-2023-41970: 
Zscaler Client Connector vulnerability analysis and mitigation

An Improper Validation of Integrity Check Value vulnerability (CWE-354) was discovered in Zscaler Client Connector on Windows during the Repair App functionality. The vulnerability affects versions prior to 4.1.0.62 and was disclosed in May 2024. This security flaw could potentially allow local execution of code on affected systems (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.0 (MEDIUM) with the following vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L. This indicates that the vulnerability requires local access, high privileges, and is complex to exploit, but could result in high impacts to confidentiality and integrity, with low impact to availability (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute code locally on the affected system, potentially compromising the security of the Zscaler Client Connector application. The impact includes potential unauthorized access to system resources and possible system manipulation (NVD).

The vulnerability has been patched in Zscaler Client Connector version 4.1.0.62. Organizations are advised to upgrade to this version or later to address the security issue. The fix was included as part of the Zscaler Client Connector 4.1 release (Zscaler Docs).