CVE-2023-28802: Disable Zscaler using machine tunnel restart

4.9 CVSS

Description

An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149.

Classification

CVE ID: CVE-2023-28802

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.9

Affected Products

Vendor: Zscaler

Product: Client Connector

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 28.32% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.2

Timeline

2024-12-03 00:11:14 UTC
CVE

Disable Zscaler using machine tunnel restart