CVE-2023-28802 in Client Connector

Summary

by MITRE • 11/21/2023

An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149.


Analysis

by VulDB Data Team • 01/06/2026

The vulnerability identified as CVE-2023-28802 represents a critical integrity validation flaw within the Zscaler Client Connector software for Windows platforms. This issue affects Client Connector versions prior to 4.2.0.149, where improper validation of integrity check values gives an authenticated user a way to disrupt the service restart process initiated from Zscaler Diagnostics. The flaw resides in the software's failure to properly verify the integrity of critical system components during the restart sequence, allowing malicious actors with legitimate access to potentially compromise the security posture of organizations relying on Zscaler's cloud security services.

The root cause of this vulnerability lies in insufficient cryptographic validation mechanisms within the Zscaler Client Connector's update and restart procedures. When the service is restarted through Zscaler Diagnostics, the system should validate the integrity of all components using proper checksums or digital signatures before proceeding with the restart. However, the flawed implementation allows an authenticated user to manipulate or bypass these validation checks, creating a condition in which the service can be terminated or restarted in an unauthorized manner. This is a direct violation of the principle of least privilege and of the access control that should be enforced during system maintenance operations.

The operational impact of this vulnerability extends beyond simple service disruption to encompass potential security policy bypasses and unauthorized access to protected network resources. Organizations utilizing Zscaler's ZIA (Zscaler Internet Access) and ZPA (Zscaler Private Access) services may find their security controls compromised when an authenticated user leverages this vulnerability to interrupt service restarts. The ability to disable these critical security services creates opportunities for attackers to bypass network security controls, potentially leading to data exfiltration, lateral movement, or other malicious activities. This vulnerability directly affects the availability and integrity of security services that organizations depend upon for protecting their network infrastructure and sensitive data assets.

Organizations should immediately implement mitigation strategies including upgrading to Zscaler Client Connector version 4.2.0.149 or later, which contains the necessary patches to address the integrity validation flaw. System administrators should also monitor for unauthorized access attempts and implement additional logging controls to detect suspicious service restart activities. The vulnerability aligns with CWE-347, which addresses improper verification of cryptographic signatures, and represents a potential pathway for techniques described in the MITRE ATT&CK framework under T1566 for credential access and T1490 for endpoint denial of service. Network segmentation and privileged access management controls should be strengthened to limit the potential impact of authenticated users who might attempt to exploit this vulnerability, particularly in environments where the client connector operates with elevated privileges.
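The two operational steps above (confirm the installed version is at least 4.2.0.149, and watch for suspicious stops or restarts of the Zscaler services) can be scripted for a Windows fleet. The following PowerShell is an added example for this page, not code from VulDB or Zscaler. It assumes the product registers under the standard Uninstall registry keys with a DisplayName containing "Zscaler", and that the Zscaler service display names contain "Zscaler" (or the service names start with "ZSA"); both filters are assumptions to adjust for your environment. Event IDs 7031, 7034 and 7036 are the standard Service Control Manager events for unexpected termination and for state changes.

```powershell
# Added example (not from the VulDB page or Zscaler): version check against the
# fixed release and a review of recent Service Control Manager events for the
# Zscaler services. Registry and service-name filters are assumptions.

$FixedVersion = [version]'4.2.0.149'   # first fixed version per the advisory

function Get-ZscalerClientConnectorVersion {
    # Assumption: the product appears under the standard Uninstall keys.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Zscaler*' -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion
}

function Test-ZscalerPatched {
    # Returns $true when the installed version is at or above the fixed version.
    param([Parameter(Mandatory)][version]$Installed)
    return $Installed -ge $FixedVersion
}

function Get-ZscalerServiceStopEvents {
    # Lists SCM events for the Zscaler services in the last $Hours hours.
    # 7036 covers both "entered the running state" and "entered the stopped
    # state"; 7031/7034 are logged when a service terminates unexpectedly.
    param([int]$Hours = 24)
    # Assumption: display names contain "Zscaler" or service names start with "ZSA".
    $names = Get-Service |
        Where-Object { $_.DisplayName -like '*Zscaler*' -or $_.Name -like 'ZSA*' } |
        Select-Object -ExpandProperty DisplayName
    if (-not $names) { return @() }
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7031, 7034, 7036
        StartTime    = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Where-Object {
            $msg = $_.Message
            ($names | ForEach-Object { $msg -like "*$_*" }) -contains $true
        } |
        Select-Object TimeCreated, Id, Message
}

# Report patch status for every matching product entry.
foreach ($p in Get-ZscalerClientConnectorVersion) {
    $v = $p.DisplayVersion -as [version]
    if (-not $v) { continue }   # skip entries whose version string does not parse
    $state = if (Test-ZscalerPatched -Installed $v) {
        'fixed'
    } else {
        'AFFECTED (upgrade to 4.2.0.149 or later)'
    }
    Write-Output ('{0} {1}: {2}' -f $p.DisplayName, $v, $state)
}

# Recent stop/start/crash events for the Zscaler services, for review or
# for forwarding to a SIEM; an unexpected burst of 7036 "stopped" events on
# a host where no maintenance is scheduled is the signal to follow up.
Get-ZscalerServiceStopEvents -Hours 24 | Format-Table -AutoSize
```

Run it from an elevated PowerShell session, since reading the System log and the HKLM Uninstall keys may require administrator rights. The version comparison uses the [version] type so that 4.2.0.149 is correctly ordered against releases such as 4.2.0.95, which a plain string comparison would get wrong.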

Responsible

Zscaler, Inc.

Reservation

03/23/2023

Disclosure

11/21/2023

Moderation

accepted

CPE

ready

EPSS

0.00229

KEV

no

Activities

very low
