CVE-2023-28802: 
Zscaler Client Connector vulnerability analysis and mitigation

CVE-2023-28802 is a vulnerability affecting Zscaler Client Connector on Windows versions before 4.2.0.149. The vulnerability was discovered and disclosed in March 2023, as indicated by the record creation date of March 23, 2023. It involves an Improper Validation of Integrity Check Value that allows an authenticated user to disable ZIA/ZPA functionality (NVD, CVE).

The vulnerability is classified as CWE-354 (Improper Validation of Integrity Check Value). According to the CVSS 3.1 scoring, NVD assigned a base score of 5.4 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L, while Zscaler assigned a score of 4.9 (Medium) with vector string CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N (NVD).

The vulnerability allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This can lead to potential integrity and availability impacts on the affected systems (NVD).

The vulnerability has been addressed in Zscaler Client Connector version 4.2.0.149 and later. Users are advised to upgrade to this version or newer to mitigate the vulnerability (NVD).