Lucene search

[email protected]CVE-2023-28802

HistoryNov 21, 2023 - 11:15 a.m.

CVE-2023-28802

2023-11-2111:15:08

CWE-354

[email protected]

web.nvd.nist.gov

cve-2023-28802

zscaler

windows

integrity check

authentication

zia

zpa

service restart

vulnerability

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149.

Affected configurations

NVD

Node

zscalerclient_connectorRange<4.2.0.149windows

CPENameOperatorVersion
zscaler:client_connectorzscaler client connectorlt4.2.0.149

CPE	Name	Operator	Version
zscaler:client_connector	zscaler client connector	lt	4.2.0.149

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Client Connector",
    "vendor": "Zscaler",
    "versions": [
      {
        "lessThan": "4.2.0.149",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.2

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

Related for CVE-2023-28802

nvd1 prion1 cvelist1