Zscaler · Zscaler Client Connector For Windows · CVE-2023-28797
**Name of the Vulnerable Software and Affected Versions**
Zscaler Client Connector for Windows versions prior to 4.1
**Description**
The issue allows a malicious user to execute code as a privileged user by replacing a folder where the Zscaler Client Connector for Windows writes or deletes a configuration file.
**Recommendations**
Update to version 4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the folders on disk where the configuration file is written or deleted, to minimize the risk of exploitation.