Unquoted Service Path Vulnerability in Zscaler Client Connector

Unquoted Service Path Vulnerability in Zscaler Client Connector

CVE-2020-11632 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges.

Learn more about our Web Application Penetration Testing UK.