Lucene search

ZscalerCVE-2023-28806

HistoryAug 06, 2024 - 4:15 p.m.

CVE-2023-28806

2024-08-0616:15:46

CWE-347

Zscaler

web.nvd.nist.gov

zscaler

client connector

windows

signature validation

anti-tampering.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

16.8%

JSON

An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows <4.2.0.190.

Affected configurations

Nvd

Node

zscalerclient_connectorRange<4.2.0.190windows

VendorProductVersionCPE
zscalerclient_connector*cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
zscaler	client_connector	*	cpe:2.3:a:zscaler:client_connector::::::windows::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Client Connector",
    "vendor": "Zscaler",
    "versions": [
      {
        "lessThan": "4.2.0.190",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

16.8%

JSON

Related for CVE-2023-28806