8.2

CVE-2023-28804

Linux ZCC allows unsigned updates, allowing elevated Code Execution

An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZscalerClient Connector SwPlatformlinux Version < 1.4.0.105
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.151
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cve@zscaler.com 8.2 3.9 4.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023
Release Notes