History: Nov 21, 2023 - 10:51 a.m.

CVE-2023-28802 Disable Zscaler using machine tunnel restart

2023-11-21 10:51:50
CWE-354
Zscaler
www.cve.org
zscaler
windows
integrity check
disable
service restart

CVSS3: 4.9 Medium

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS: 0.0004 Low
Percentile: 13.3%

An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Client Connector",
    "vendor": "Zscaler",
    "versions": [
      {
        "lessThan": "4.2.0.149",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
