CVE-2024-23464: 
Zscaler Client Connector vulnerability analysis and mitigation

CVE-2024-23464 affects Zscaler Internet Access (ZIA) through the Zscaler Client Connector on Windows versions prior to 4.2.1. The vulnerability was discovered and disclosed on August 6, 2024, impacting the security controls of Zscaler's network access solution (NVD).

The vulnerability allows PowerShell commands with admin rights to disable Zscaler Internet Access (ZIA) under certain conditions. The severity of this vulnerability has been assessed with different CVSS v3.1 scores: NIST rates it as MEDIUM with a base score of 4.9 (Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N), while Zscaler rates it as HIGH with a base score of 7.2 (Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) (NVD).

If exploited, this vulnerability could allow an attacker with administrative privileges to disable Zscaler Internet Access, potentially compromising the security controls and network protection provided by the ZIA service (NVD).

The vulnerability has been addressed in Zscaler Client Connector version 4.2.1 and later for Windows. Organizations are advised to upgrade to the latest version to mitigate this security risk (Vendor Advisory).