CVE-2023-28804: 
Zscaler Client Connector vulnerability analysis and mitigation

An Improper Verification of Cryptographic Signature vulnerability (CVE-2023-28804) was identified in Zscaler Client Connector on Linux systems versions before 1.4.0.105. This vulnerability is classified as CWE-347 (Improper Verification of Cryptographic Signature) and allows for potential binary replacement attacks (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (MEDIUM) by NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, while Zscaler assessed it with a score of 8.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N. The vulnerability characteristics include network-based attack vector, low attack complexity, no privileges required, and no user interaction needed (NVD).

The vulnerability could potentially allow attackers to replace binaries in the affected Linux Client Connector systems. According to the CVSS metrics, while NIST indicates low integrity impact with no confidentiality impact, Zscaler's assessment suggests high confidentiality impact with low integrity impact (NVD).

The vulnerability has been addressed in Zscaler Client Connector version 1.4.0.105 and later versions. Users are advised to upgrade to the patched version to mitigate the risk (Zscaler Release Notes).