CVE-2024-23462

3.3 LOW

📋 TL;DR

An improper validation of integrity check vulnerability in Zscaler Client Connector on macOS lets an attacker crash the client binary, a denial of service that tears down the VPN tunnel and the security enforcement that depends on it. It affects macOS endpoints running Zscaler Client Connector versions before 3.4.

💻 Affected Systems

Products:
  • Zscaler Client Connector
Versions: All versions before 3.4
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects macOS version of Zscaler Client Connector. Windows and other platforms are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete loss of VPN connectivity and security protections for affected macOS endpoints, potentially exposing them to network-based attacks.

🟠

Likely Case

Temporary disruption of Zscaler Client Connector service requiring manual restart or system reboot to restore functionality.

🟢

If Mitigated

Minimal impact with proper monitoring and rapid incident response procedures in place.

🌐 Internet-Facing: LOW - This is a client-side application vulnerability, not directly internet-exposed.
🏢 Internal Only: MEDIUM - Requires local access or ability to trigger the vulnerability on affected macOS systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to trigger the integrity check validation failure on the target system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4

Vendor Advisory: https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos&applicable_version=3.4

Restart Required: Yes

Instructions:

1. Download Zscaler Client Connector 3.4 or later from official Zscaler sources.
2. Install the update following standard macOS application installation procedures.
3. Restart the application or system as prompted.

🔧 Temporary Workarounds

Restart Service Workaround

macos

Manually restart the Zscaler Client Connector service if it crashes. This is recovery, not prevention: it restores the tunnel after a crash but does nothing to stop the next one. Confirm the launchd label on your build before relying on it, since service labels can differ between releases.

sudo launchctl list | grep -i zscaler   # confirm the service label used below
sudo launchctl stop com.zscaler.ZscalerService
sudo launchctl start com.zscaler.ZscalerService

🧯 If You Can't Patch

  • Implement network monitoring to detect when Zscaler Client Connector stops functioning
  • Establish procedures for rapid manual restart of the service when crashes occur

🔍 How to Verify

Check if Vulnerable:

Check the Zscaler Client Connector version in the application settings, or read it from the app bundle with the command below.

Check Version:

defaults read /Applications/Zscaler/Zscaler.app/Contents/Info.plist CFBundleShortVersionString

Verify Fix Applied:

Confirm the reported version is 3.4 or later using the same command. Compare the version components numerically rather than as strings: a later release such as 3.10 sorts before 3.4 in a plain string comparison and would be misreported as vulnerable.
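As an added example (not part of the advisory or Zscaler's own tooling), the script below turns the version check above into a fleet-ready test: it reads CFBundleShortVersionString from the same Info.plist path the page uses, compares it against the fixed release numerically so that multi-digit components are handled, and prints "fixed" or "vulnerable". The plist path and the 3.4 threshold come from this page; the function names and the sample version strings are the example's own.

```shell
#!/bin/sh
# Added example: classify an installed Zscaler Client Connector version against
# the first fixed release (3.4 per the advisory). Not Zscaler's code.

ZCC_FIXED_VERSION="3.4"
ZCC_PLIST="/Applications/Zscaler/Zscaler.app/Contents/Info.plist"  # path from the page's check

# version_ge A B: exit 0 if dotted version A >= B, 1 otherwise.
# Components are compared as integers; missing components count as 0,
# so 3.4 == 3.4.0.0 and 3.10 > 3.4 (a plain string compare gets this wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# zcc_status VERSION: print "fixed" or "vulnerable" for a version string.
zcc_status() {
    if version_ge "$1" "$ZCC_FIXED_VERSION"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# zcc_installed_version: read the bundle version on this host, or report
# "not-installed" / "unknown" so callers never compare a non-version string.
zcc_installed_version() {
    if [ -f "$ZCC_PLIST" ]; then
        defaults read "$ZCC_PLIST" CFBundleShortVersionString 2>/dev/null || echo "unknown"
    else
        echo "not-installed"
    fi
}

# Stand-alone use: `sh zcc_check.sh --check` reports on the local machine.
if [ "${1:-}" = "--check" ]; then
    v="$(zcc_installed_version)"
    case "$v" in
        not-installed|unknown) echo "Zscaler Client Connector: $v" ;;
        *) echo "Zscaler Client Connector $v: $(zcc_status "$v")" ;;
    esac
fi
```

The awk comparison is deliberately self-contained so the script runs under the default /bin/sh on macOS without depending on sort -V or other GNU extensions; the same function can be wrapped by an MDM script or an osquery extension to sweep a fleet.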

📡 Detection & Monitoring

Log Indicators:

  • Zscaler Client Connector crash logs in Console.app
  • Unexpected termination of Zscaler processes

Network Indicators:

  • Sudden loss of VPN connectivity from macOS endpoints
  • Zscaler tunnel disconnection events

SIEM Query:

source="macos" AND (process="Zscaler" OR process="ZscalerService") AND (event="crash" OR event="terminated")

The parentheses around the event terms matter: without them AND binds tighter than OR and the query returns every terminated process on every source, not just Zscaler crashes.
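The crash reports that surface in Console.app are files under DiagnosticReports, so the host-side indicator above can be checked without a SIEM. The script below is an added example (not from the advisory or from Zscaler): it scans a report directory for crashes whose process name is one of the Zscaler Client Connector binaries and prints one line per hit, suitable for a monitoring agent or a Jamf extension attribute. It assumes the modern .ips report format begins with a one-line JSON header containing "app_name" and "timestamp", that legacy .crash text reports carry a "Process:" line, and that ZscalerTunnel is a third process name worth watching; the directory path, the function names and the sample reports in the test are the example's own.

```shell
#!/bin/sh
# Added example: find crash reports for Zscaler Client Connector processes.
# Not Zscaler's code. Assumes the .ips JSON header and .crash "Process:" line
# layouts described in the lead-in.

ZCC_REPORT_DIR="/Library/Logs/DiagnosticReports"          # system-wide reports
# User-level reports live under ~/Library/Logs/DiagnosticReports; pass that
# directory as the first argument to scan it instead.
ZCC_PROCESSES="Zscaler ZscalerService ZscalerTunnel"       # ZscalerTunnel is an assumption

# report_process FILE: print the crashed process name recorded in the report.
report_process() {
    case "$1" in
        *.ips)   head -n 1 "$1" | sed -n 's/.*"app_name":"\([^"]*\)".*/\1/p' ;;
        *.crash) sed -n 's/^Process: *\([^ ]*\) .*/\1/p' "$1" | head -n 1 ;;
    esac
}

# report_time FILE: print the timestamp from an .ips header, or "unknown".
report_time() {
    ts=""
    case "$1" in
        *.ips) ts="$(head -n 1 "$1" | sed -n 's/.*"timestamp":"\([^"]*\)".*/\1/p')" ;;
    esac
    if [ -n "$ts" ]; then echo "$ts"; else echo "unknown"; fi
}

# zcc_crash_reports [DIR]: print "timestamp process file" for each Zscaler
# crash report in DIR (default: the system report directory).
zcc_crash_reports() {
    dir="${1:-$ZCC_REPORT_DIR}"
    [ -d "$dir" ] || return 0
    for f in "$dir"/*.ips "$dir"/*.crash; do
        [ -f "$f" ] || continue                    # unmatched glob stays literal
        p="$(report_process "$f")"
        for want in $ZCC_PROCESSES; do
            if [ "$p" = "$want" ]; then
                printf '%s %s %s\n' "$(report_time "$f")" "$p" "$f"
                break
            fi
        done
    done
}

# zcc_crash_count [DIR]: number of Zscaler crash reports found; a monitoring
# check can alert when this rises between two runs.
zcc_crash_count() {
    zcc_crash_reports "$1" | wc -l | tr -d ' '
}

# Stand-alone use: `sh zcc_crashes.sh --scan [DIR]`
if [ "${1:-}" = "--scan" ]; then
    zcc_crash_reports "${2:-}"
fi
```

Pair this with the network indicators above: a crash report for ZscalerService that coincides with a tunnel disconnection event from the same host is the signature of this issue being triggered rather than of an ordinary client hiccup.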

🔗 References
