Lucene search

ZscalerCVELIST:CVE-2023-28805

HistoryOct 23, 2023 - 1:33 p.m.

CVE-2023-28805 ZCC on Linux privilege escalation

2023-10-2313:33:57

CWE-20

Zscaler

www.cve.org

zscaler client connector

linux

privilege escalation

cve-2023-28805

improper input validation

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.4%

JSON

An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Client Connector",
    "vendor": "Zscaler",
    "versions": [
      {
        "lessThan": "1.4.0.105",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

help.zscaler.com/client-connector/client-connector-app-release-summary-2023

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.4%

JSON

Related for CVELIST:CVE-2023-28805