CVE-2023-28806: Improper Verification of Cryptographic Signature in Client Connector

Severity
NVD: 6.5 MEDIUM
CNA: 5.7
EPSS
0.0%
top 94.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Aug 6

Description

An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows <4.2.0.190.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

CVEListV5: zscaler/client_connector < 4.2.0.190
NVD: zscaler/client_connector < 4.2.0.190

🔴Vulnerability Details

2
CVEList
Signature validation error in DLL allows disabling anti-tampering protection (2024-08-06)
GHSA
GHSA-hrw8-hpf8-7q72: An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering (2024-08-06)