CVE-2023-28802

Sažetak

An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149.

Reference

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.2
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.2

CVSS

Base:	4.9
Impact:	4.2
Exploitability:	0.7

Pristup

Vektor	Složenost	Autentikacija
PHYSICAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

06-01-2026 - 07:15

Objavljeno

21-11-2023 - 11:15