CVE-2023-28796

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Oct 23, 2023
Updated: Oct 27, 2023
CWE ID 347

Summary

CVE-2023-28796 is an improper verification of cryptographic signature vulnerability (CWE-347) in Zscaler Client Connector for Linux versions before 1.3.1.6 that allows code injection. It has a base severity rating of HIGH, with a base score of 7.1 out of 10. The exploitability score is 1.8 out of 10, indicating a relatively low level of difficulty for potential attackers. The impact score is 5.2 out of 10, indicating a potentially significant impact on the integrity of affected systems. The vulnerability affects organizations running Zscaler Client Connector on Linux and could be exploited by an attacker with low privileges and local access to the system. To remediate it, update Zscaler Client Connector for Linux to version 1.3.1.6 or later.

