Oct 23, 2023 - 2:15 p.m.

CVE-2023-28797

2023-10-23 14:15:09
CWE-59
web.nvd.nist.gov
26
zscaler
windows
cve-2023-28797
privilege escalation
file manipulation

CVSS3: 7.3 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.3 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 5.1%)

Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.

Affected configurations

NVD
Node: zscaler client_connector, Range <4.1, windows

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Client Connector",
    "vendor": "Zscaler",
    "versions": [
      {
        "lessThan": "4.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
