Vulnerabilities > CVE-2023-28805 - Unspecified vulnerability in Zscaler Client Connector

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

zscaler

critical

NVD

Published: 2023-10-23

Updated: 2024-10-17

Summary

An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105

Vulnerable Configurations

Part	Description	Count
Application	Zscaler Zscaler Client Connector - Zscaler Client Connector 1.3 Zscaler Client Connector 1.3.0.31 Zscaler Client Connector 1.3.1 Zscaler Client Connector 1.3.1.6 Zscaler Client Connector 1.4 Zscaler Client Connector 1.4.0.58	7

References

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023