CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28802 – Disable Zscaler using machine tunnel restart
https://notcve.org/view.php?id=CVE-2023-28802
An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149. Una validación incorrecta del valor de verificación de integridad en Zscaler Client Connector en Windows permite a un usuario autenticado deshabilitar ZIA/ZPA interrumpiendo el reinicio del servicio desde Zscaler Diagnostics. Este problema afecta a Client Connector: anterior a 4.2.0.149. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.2 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28794 – PAC Files Exposed to Internet Websites
https://notcve.org/view.php?id=CVE-2023-28794
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. La vulnerabilidad de error de validación de origen en Zscaler Client Connector en Linux permite el abuso de privilegios. Este problema afecta a Zscaler Client Connector para Linux: versiones anteriores a 1.3.1.6. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19 • CWE-346: Origin Validation Error •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28805 – ZCC on Linux privilege escalation
https://notcve.org/view.php?id=CVE-2023-28805
An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105 Una vulnerabilidad de validación de entrada incorrecta en Zscaler Client Connector en Linux permite la escalada de privilegios. Este problema afecta a Client Connector: anterior a 1.4.0.105 • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28804 – Linux ZCC allows unsigned updates, allowing elevated Code Execution
https://notcve.org/view.php?id=CVE-2023-28804
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105 Una vulnerabilidad de verificación incorrecta de Cryptographic Signature en Zscaler Client Connector en Linux permite reemplazar archivos binarios. Este problema afecta a Linux Client Connector: antes de 1.4.0.105 • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28803 – Traffic being bypassed by ZCC by configuring synthetic IP range as local network
https://notcve.org/view.php?id=CVE-2023-28803
An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9. Es posible omitir la autenticación mediante la suplantación de un dispositivo con una dirección IP sintética en Zscaler Client Connector en Windows, lo que permite omitir la funcionalidad. Este problema afecta a Client Connector: versiones anteriores a 3.9. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023 • CWE-290: Authentication Bypass by Spoofing •