CVE-2023-28802: Disable Zscaler using machine tunnel restart
First published: Tue Nov 21 2023(Updated: )
An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149.
Credit: cve@zscaler.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zscaler Client Connector for Windows | <4.2.0.149 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-28802.
How can an authenticated user disable ZIA/ZPA?
An authenticated user can disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics.
Which version of Zscaler Client Connector is affected?
Zscaler Client Connector versions before 4.2.0.149 are affected.
What is the severity rating of this vulnerability?
This vulnerability has a severity rating of medium (5.4).
Is there a fix available for this vulnerability?
Yes, updating Zscaler Client Connector to version 4.2.0.149 or later will fix this vulnerability.
- agent/event
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/weakness
- agent/title
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/zscaler
- canonical/zscaler client connector for windows