Unrated severityNVD Advisory· Published Oct 23, 2023· Updated Feb 27, 2025
LPE using arbitrary file delete with Symlinks
CVE-2023-28797
Description
Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.
Affected products
2<4.1+ 1 more
- (no CPE)range: <4.1
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.