CVE-2024-23483: 
Zscaler Client Connector vulnerability analysis and mitigation

An Improper Input Validation vulnerability (CVE-2024-23483) was discovered in Zscaler Client Connector on MacOS that allows OS Command Injection. This vulnerability affects versions of Zscaler Client Connector on MacOS prior to version 4.2. The vulnerability was disclosed on August 6, 2024, and received a CVSS v3.1 base score of 9.8 (Critical) from NIST NVD (NVD).

The vulnerability is classified as both an Improper Input Validation (CWE-20) and Improper Neutralization of Special Elements used in an OS Command Injection (CWE-78). The CVSS v3.1 scoring indicates critical severity with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, suggesting the vulnerability is network accessible, requires low attack complexity, needs no privileges or user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD).

Based on the CVSS scoring and vulnerability classification, successful exploitation could allow attackers to execute arbitrary commands on the affected system through OS Command Injection, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability of the affected MacOS system (NVD).

Users should upgrade to Zscaler Client Connector version 4.2 or later for MacOS to address this vulnerability (Vendor Advisory).