Improper Validation of Signature Allows Disabling of Anti-Tampering
CVE-2023-28806

6.5MEDIUM

Key Information:

Vendor: Zscaler
Status: Client Connector
Vendor: CVE Published:; 6 August 2024

What is CVE-2023-28806?

An issue in the Zscaler Client Connector for Windows permits an authenticated user to bypass anti-tampering mechanisms due to improper signature validation. This vulnerability affects versions of the Client Connector prior to 4.2.0.190, leading to potential security risks. Users are advised to upgrade to the latest version to mitigate exploitation risks. Comprehensive documentation regarding the issue can be found in the Zscaler release summary.

Affected Version(s)

Client Connector Windows 0 < 4.2.0.190

References

https://help.zscaler.com/client-connector/client-connecto...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2024
Vulnerability Reserved
Mar 23, 2023

Credit

Equinor Red Team