8.2
CVE-2023-28804
- EPSS 0.24%
- Veröffentlicht 23.10.2023 14:15:09
- Zuletzt bearbeitet 21.11.2024 07:56:02
- Quelle cve@zscaler.com
- CVE-Watchlists
- Unerledigt
Linux ZCC allows unsigned updates, allowing elevated Code Execution
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zscaler ≫ Client Connector SwPlatformlinux Version < 1.4.0.105
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.151 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| cve@zscaler.com | 8.2 | 3.9 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
|
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023