3 matches found
CVE-2023-28797
Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user...
CVE-2023-28797 LPE using arbitrary file delete with Symlinks
Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user...
CVE-2023-28797
CVE-2023-28797 affects Zscaler Client Connector for Windows prior to version 4.1. The vulnerability arises from how the client writes/deletes a configuration file inside specific folders on disk, allowing a local attacker to replace the folder and execute code with elevated privileges. Impact is ...