CVE-2023-28806 in Client Connector
Summary
by MITRE • 08/06/2024
An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows <4.2.0.190.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 09/24/2025
The vulnerability identified as CVE-2023-28806 represents a critical weakness in the Zscaler Client Connector authentication mechanism on Windows platforms. This flaw resides in the signature validation process, which is fundamental to ensuring the integrity and authenticity of client communications within the Zscaler security ecosystem. The improper validation allows malicious actors who have already established authentication credentials to exploit a weakness in the anti-tampering mechanisms that are designed to prevent unauthorized modifications to the client software. The vulnerability specifically impacts versions of the Zscaler Client Connector prior to 4.2.0.190, indicating that this represents a known issue that was addressed in a subsequent software release.
The technical nature of this vulnerability stems from insufficient cryptographic signature verification within the Windows client implementation. When the client connector validates digital signatures, it fails to properly authenticate the integrity of the cryptographic verification process itself. This creates a scenario where an authenticated user can manipulate the signature validation routine to bypass security controls that are meant to detect and prevent tampering with the client software. The flaw essentially allows an attacker to effectively disable the anti-tampering protections that are critical for maintaining the security posture of the endpoint.
From an operational standpoint, this vulnerability presents significant risks to organizations relying on Zscaler's client connector for network security. The ability to disable anti-tampering mechanisms means that an authenticated attacker could potentially modify the client software to bypass security controls, redirect traffic through unauthorized channels, or install malicious components that would otherwise be detected by the anti-tampering protections. This represents a direct threat to the integrity of the security infrastructure and could enable further lateral movement within the network or data exfiltration activities.
The impact of this vulnerability aligns with CWE-347, which addresses improper validation of cryptographic signatures, and can be mapped to ATT&CK technique T1556.3, which covers credential access through the manipulation of authentication mechanisms. Organizations should prioritize immediate remediation by upgrading to Zscaler Client Connector version 4.2.0.190 or later, which contains the necessary patches to address the signature validation weakness. Additionally, security teams should implement monitoring for unauthorized modifications to client software and establish robust patch management processes to ensure timely deployment of security updates across all endpoints. The vulnerability underscores the importance of maintaining up-to-date security software and the critical need for proper cryptographic validation in client-server authentication systems.