CVE-2023-28797 - Vulnerability Details - OpenCVE

Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Zscaler	Client Connector

Configuration 1 [-]

cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*

No data.

References

Link	Providers
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022

History

Tue, 04 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Zscaler

Published: 2023-10-23T13:30:38.191Z

Updated: 2025-02-27T20:39:34.731Z

Reserved: 2023-03-23T18:29:15.802Z

Link: CVE-2023-28797

Vulnrichment

Updated: 2024-08-02T13:51:38.564Z

NVD

Status : Modified

Published: 2023-10-23T14:15:09.567

Modified: 2024-11-21T07:56:01.970

Link: CVE-2023-28797

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28797", "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "state": "PUBLISHED", "assignerShortName": "Zscaler", "dateReserved": "2023-03-23T18:29:15.802Z", "datePublished": "2023-10-23T13:30:38.191Z", "dateUpdated": "2025-02-27T20:39:34.731Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Client Connector", "vendor": "Zscaler", "versions": [{"lessThan": "4.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "R\u00e9mi Orious"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.\n<br>\n\n"}], "value": "Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "shortName": "Zscaler", "dateUpdated": "2023-10-23T13:30:38.191Z"}, "references": [{"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022"}], "source": {"discovery": "UNKNOWN"}, "title": "LPE using arbitrary file delete with Symlinks", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:51:38.564Z"}, "title": "CVE Program Container", "references": [{"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-26T21:49:22.483311Z", "id": "CVE-2023-28797", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T20:39:34.731Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28797", "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "state": "PUBLISHED", "assignerShortName": "Zscaler", "dateReserved": "2023-03-23T18:29:15.802Z", "datePublished": "2023-10-23T13:30:38.191Z", "dateUpdated": "2025-02-27T20:39:34.731Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Client Connector", "vendor": "Zscaler", "versions": [{"lessThan": "4.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "R\u00e9mi Orious"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.\n<br>\n\n"}], "value": "Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "shortName": "Zscaler", "dateUpdated": "2023-10-23T13:30:38.191Z"}, "references": [{"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022"}], "source": {"discovery": "UNKNOWN"}, "title": "LPE using arbitrary file delete with Symlinks", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:51:38.564Z"}, "title": "CVE Program Container", "references": [{"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28797", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-26T21:49:22.483311Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-26T19:57:06.695Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*", "matchCriteriaId": "54B697A3-9F3A-4C87-A8E9-462696DF7BB6", "versionEndExcluding": "4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.\n\n\n\n"}, {"lang": "es", "value": "Zscaler Client Connector para Windows anterior a 4.1 escribe/elimina un archivo de configuraci\u00f3n dentro de carpetas espec\u00edficas en el disco. Un usuario malintencionado puede reemplazar la carpeta y ejecutar c\u00f3digo como usuario privilegiado."}], "id": "CVE-2023-28797", "lastModified": "2024-11-21T07:56:01.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.5, "source": "cve@zscaler.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-23T14:15:09.567", "references": [{"source": "cve@zscaler.com", "tags": ["Release Notes"], "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022"}], "sourceIdentifier": "cve@zscaler.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "cve@zscaler.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}