CVE-2023-28796

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Oct 23, 2023
Updated: Oct 27, 2023
CWE ID 347

Summary

CVE-2023-28796 is an improper verification of cryptographic signature vulnerability in Zscaler Client Connector for Linux versions before 1.3.1.6 that allows code injection. It has a base severity rating of HIGH, with a base score of 7.1 out of 10. The exploitability score is 1.8 out of 10, indicating a relatively low level of difficulty for potential attackers. The impact score is 5.2 out of 10, indicating a potentially significant impact on the integrity of affected systems. The vulnerability affects organizations running Zscaler Client Connector on Linux and could be exploited by an attacker with low privileges and local access to the system. To remediate it, update Zscaler Client Connector for Linux to version 1.3.1.6 or later.
