VYPR
Unrated severityNVD Advisory· Published Oct 23, 2023· Updated Feb 27, 2025

LPE using arbitrary file delete with Symlinks

CVE-2023-28797

Description

Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.