CVE-2023-28796 — Code Injection in Client Connector

CWE-94 — Code Injection CWE-347 — Improper Verification of Cryptographic Signature3 documents3 sources

Severity

7.8HIGHNVD

CNA7.1

EPSS

0.0%

top 98.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zscaler Client Connector

Timeline

PublishedOct 23

Description

Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5zscaler/client_connector< 1.3.1.6

▶NVDzscaler/client_connector< 1.3.1.6

🔴Vulnerability Details

CVEList

IPC Bypass Through PLT Section in ELF↗2023-10-23

▶

GHSA

GHSA-4pxq-qc65-2pqq: Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection↗2023-10-23

▶