PT-2023-21978 · Microsoft+1 · Windows+1
Simon Cecchini · Published 2023-11-21 · Updated 2026-01-06
CVE-2023-28802
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Zscaler Client Connector versions prior to 4.2.0.149
Description
An issue with improper validation of integrity check values in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics.
Recommendations
For versions prior to 4.2.0.149, update to version 4.2.0.149 or later to resolve the issue. As a temporary workaround, consider restricting access to Zscaler Diagnostics to prevent interruption of the service restart.
Affected Products
Windows
Zscaler Client Connector