CVE-2023-28797

HIGH Year: 2023
CVSS v3 Score
7.3
High
Weakness Type
CWE-59
View all →

Vulnerability Description

Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.

Related Vulnerabilities

CVE-2019-1317

HIGH
CVSS:7.3(High)

A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.

CWE-592019

CVE-2022-27883

HIGH
CVSS:7.3(High)

A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an ...

CWE-592022

CVE-2022-38604

HIGH
CVSS:7.3(High)

Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability.

CWE-592022

CVE-2022-40143

HIGH
CVSS:7.3(High)

A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could a...

CWE-592022

CVE-2023-35624

HIGH
CVSS:7.3(High)

Azure Connected Machine Agent Elevation of Privilege Vulnerability

CWE-592023