PT-2023-21978 · Microsoft+1 · Windows+1

Simon Cecchini

Publicado

2023-11-21

Atualizado

2026-01-06

CVE-2023-28802

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions Zscaler Client Connector versions prior to 4.2.0.149

Description An issue with improper validation of integrity check values in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics.

Recommendations For versions prior to 4.2.0.149, update to version 4.2.0.149 or later to resolve the issue. As a temporary workaround, consider restricting access to Zscaler Diagnostics to prevent interruption of the service restart.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-354

Identificadores relacionados

CVE-2023-28802

Produtos afetados

Windows

Zscaler Client Connector

PT-2023-21978 · Microsoft+1 · Windows+1

CVE-2023-28802

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7