CVE-2023-28798

6.5 MEDIUM

📋 TL;DR

This is a heap-based buffer overflow (an out-of-bounds write past an allocated heap buffer) in the pacparser library bundled with Zscaler Client Connector on macOS. pacparser evaluates proxy auto-config (PAC) files, so the input that reaches the vulnerable code is PAC content together with the URL and host strings the client asks it to evaluate. A successful exploit could run arbitrary code with the privileges of the Zscaler Client Connector process. Only macOS installations running affected versions of Zscaler Client Connector are in scope for this CVE.

💻 Affected Systems

Products:
  • Zscaler Client Connector
Versions: macOS builds prior to the 3.7 release of August 19, 2022. The vendor advisory linked below is the release summary for that 3.7 release, so treat 3.7 as the first fixed build and anything earlier as affected.
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only the macOS client is affected; the vulnerable code is the pacparser component it bundles. Clients for other platforms are not covered by this CVE.

📦 What is this software?

Zscaler Client Connector (formerly Zscaler App) is Zscaler's endpoint agent: it runs on the device and steers its traffic to the Zscaler cloud. On macOS it installs launch daemons (see the workaround below), which run as root, alongside the user-facing Zscaler.app, so memory corruption in the client is a privilege boundary issue and not just a crash. pacparser is an open-source C library for parsing and evaluating PAC files; it embeds Mozilla's SpiderMonkey JavaScript engine to run the PAC file's FindProxyForURL() function against a URL and host supplied by the caller.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Arbitrary code execution in the Zscaler Client Connector process. Where the affected component runs as root (the client's launch daemons do), that amounts to full system compromise: local privilege escalation, data exfiltration or persistence.

🟠 Likely Case

Local privilege escalation, or a crash of the Zscaler Client Connector (denial of service) that interrupts the device's Zscaler connectivity.

🟢 If Mitigated

With the fixed build installed, or with platform mitigations (ASLR, a hardened heap) making the out-of-bounds write unreliable, the realistic outcome is an application crash with no code execution.

🌐 Internet-Facing: LOW - The client exposes no listening service, so there is no direct remote entry point. Note, however, that pacparser's input is a PAC file the client fetches over the network: an attacker who can alter the PAC source or tamper with it in transit could reach the vulnerable code without a local foothold, so treat the PAC delivery path as part of the attack surface.
🏢 Internal Only: MEDIUM - Exploitable by a malicious local user, or by an attacker who already has a foothold on the device or on the network path between the device and its PAC server.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires getting crafted input to the pacparser component (a malicious PAC file, or URL/host strings evaluated against one) and enough control over heap layout to turn the out-of-bounds write into code execution rather than a crash.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS 3.7, released August 19, 2022 (the release whose summary is linked below). Confirm against current Zscaler documentation and prefer the latest supported build, since later releases fix other issues as well.

Vendor Advisory: https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS&applicable_version=3.7&deployment_date=2022-08-19&id=1414851

Restart Required: Yes

Instructions:

1. Open Zscaler Client Connector on macOS and note the installed version (the app's More/About screen, or the plist check under How to Verify).
2. In managed deployments the client version is pinned by the administrator's app profile in the Zscaler admin portal; update the profile to 3.7 or later so clients pull the new build, rather than relying on end users to check for updates.
3. Install the update when the client offers it, or deploy the 3.7-or-later installer through your MDM.
4. Restart the application (or the system, if prompted) and re-check the version.

🔧 Temporary Workarounds

Disable Zscaler Client Connector

macOS

Temporarily unload the client's launch daemons and stop the app until the fixed build is installed. Two caveats: this removes the device's Zscaler protection and its access to Zscaler-gated resources, so it is a last resort; and if the admin profile enforces a disable or uninstall password, the app's anti-tampering controls may block these commands or relaunch the client until that control is released in the portal.

sudo launchctl unload /Library/LaunchDaemons/com.zscaler.*.plist
sudo killall Zscaler

🧯 If You Can't Patch

  • Restrict local user access to systems running vulnerable versions
  • Implement application allowlisting to prevent unauthorized code execution
  • Ensure the client receives its PAC file only from the trusted, TLS-protected source your Zscaler tenant is configured for; a tampered PAC file is the natural delivery path for malformed input to pacparser

🔍 How to Verify

Check if Vulnerable:

Read the installed version from the app bundle and compare it with 3.7: anything lower is affected. Note that ps aux | grep Zscaler only shows whether the process is running, not its version.

Check Version:

defaults read /Applications/Zscaler/Zscaler.app/Contents/Info.plist CFBundleShortVersionString

(grep on Info.plist is unreliable because macOS may store it as a binary plist; defaults read handles both the XML and binary formats.)

Verify Fix Applied:

Confirm the version now reads 3.7 or later, confirm the launch daemons are loaded again if you used the workaround, and watch for any fresh crash reports that mention pacparser.
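The version check above, as an added example script that is not Zscaler's tooling or part of the original page. It reads CFBundleShortVersionString from the standard install path, compares it numerically (so 3.10 sorts after 3.7, which a plain string compare gets wrong), and prints vulnerable, patched or not-installed. FIXED=3.7 is an assumption taken from the linked release summary; adjust it if the vendor record names a different first fixed build.

```shell
#!/bin/sh
# Added example, not Zscaler's tooling: classify the installed macOS Zscaler
# Client Connector against the 3.7 release the linked release summary covers.
# APP_PLIST is the standard install path; FIXED=3.7 is an assumption from
# that advisory link.

APP_PLIST="/Applications/Zscaler/Zscaler.app/Contents/Info.plist"
FIXED="3.7"

# version_lt A B: succeed (exit 0) when dot-separated version A sorts before B
# comparing each field numerically, so 3.7 < 3.10 and 3.6.2.9 < 3.7.
version_lt() {
  [ "$1" = "$2" ] && return 1
  lowest=$(printf '%s\n%s\n' "$1" "$2" \
    | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
  [ "$lowest" = "$1" ]
}

# installed_version: print CFBundleShortVersionString, or nothing if the app
# is absent. defaults(1) reads both XML and binary plists; PlistBuddy is the
# fallback if defaults refuses a path outside the preferences domain.
installed_version() {
  [ -r "$APP_PLIST" ] || return 0
  defaults read "$APP_PLIST" CFBundleShortVersionString 2>/dev/null \
    || /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$APP_PLIST" 2>/dev/null \
    || true
}

# assess VERSION: "not-installed", "vulnerable" (below FIXED) or "patched".
assess() {
  case "$1" in
    "") echo "not-installed" ;;
    *)  if version_lt "$1" "$FIXED"; then echo "vulnerable"; else echo "patched"; fi ;;
  esac
}

main() {
  v=$(installed_version)
  echo "Zscaler Client Connector ${v:-(not found)}: $(assess "$v")"
}

main "$@"
```

Run it as-is on the endpoint, or wrap it in your MDM's script runner and collect the last line per device; a result of vulnerable means the app profile or installer still needs to move to 3.7 or later.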

📡 Detection & Monitoring

Log Indicators:

  • Crash reports for the Zscaler process under /Library/Logs/DiagnosticReports and ~/Library/Logs/DiagnosticReports, especially EXC_BAD_ACCESS (SIGSEGV) with pacparser frames in the crashing thread
  • Memory-access faults for Zscaler processes in the unified log (log show --predicate 'process CONTAINS "Zscaler"')

Network Indicators:

  • Unusual outbound connections from Zscaler processes to destinations that are not Zscaler cloud infrastructure
  • PAC file retrieval from an unexpected host, or a PAC response that is unusually large or malformed

SIEM Query:

process_name:"Zscaler" AND (event_type:"crash" OR memory_violation:"heap")

(Illustrative query; field names depend on your endpoint agent's schema. Crash reports are a reactive signal only: a successful exploit need not crash the process at all.)
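The crash-report triage described under Log Indicators, as an added example that is not part of the original page or of Zscaler's tooling. It walks the standard macOS crash-report directories, keeps only reports for the Zscaler process, and flags those that combine a memory-access fault with a pacparser frame. The report directories and the "Exception Type:" line are standard macOS crash-report layout; the sample reports the script builds for its --demo mode are constructed, and the library name libpacparser.dylib in them is an assumption used only as sample data.

```shell
#!/bin/sh
# Added example, not from the page or vendor: triage macOS crash reports for
# Zscaler Client Connector crashes that implicate the PAC parser. Crash-report
# directories and the "Exception Type:" header are standard macOS layout;
# the reports written by make_sample_reports are constructed test data and
# "libpacparser.dylib" in them is an assumed name, not a confirmed artifact.

# find_pacparser_crashes DIR...: print "<file><TAB><exception>" for each
# Zscaler crash report that mentions pacparser and a memory-access fault.
# Newer .ips (JSON) reports lack the "Exception Type:" header and show
# "unknown" in the second column; the match itself still works on them.
find_pacparser_crashes() {
  for dir in "$@"; do
    [ -d "$dir" ] || continue
    for f in "$dir"/Zscaler*; do
      [ -f "$f" ] || continue
      if grep -qi 'pacparser' "$f" \
         && grep -qE 'EXC_BAD_ACCESS|SIGSEGV|SIGBUS|SIGABRT' "$f"; then
        exc=$(grep -m1 -E '^Exception Type:' "$f" \
              | sed 's/^Exception Type:[[:space:]]*//')
        printf '%s\t%s\n' "$f" "${exc:-unknown}"
      fi
    done
  done
}

# count_pacparser_crashes DIR...: number of matching reports.
count_pacparser_crashes() {
  find_pacparser_crashes "$@" | wc -l | tr -d ' '
}

# make_sample_reports: write three constructed reports into a temp dir and
# print its path. Only the first should be flagged: the second is a Zscaler
# SIGKILL with no pacparser frame, the third is not a Zscaler process.
make_sample_reports() {
  d=$(mktemp -d)
  cat >"$d/Zscaler-2023-04-01-101500.crash" <<'EOF'
Process:               Zscaler [4242]
Identifier:            com.zscaler.Zscaler
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000010
Thread 3 Crashed:
0   libpacparser.dylib            pacparser_find_proxy + 212
EOF
  cat >"$d/Zscaler-2023-04-02-090000.crash" <<'EOF'
Process:               Zscaler [4243]
Exception Type:        EXC_CRASH (SIGKILL)
Termination Reason:    Namespace SIGNAL, Code 9
Thread 0 Crashed:
0   libsystem_kernel.dylib        mach_msg_trap + 8
EOF
  cat >"$d/Safari-2023-04-02-090100.crash" <<'EOF'
Process:               Safari [777]
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Thread 0 Crashed:
0   libpacparser.dylib            pacparser_find_proxy + 212
EOF
  echo "$d"
}

main() {
  if [ "$1" = "--demo" ]; then
    sample=$(make_sample_reports)
    find_pacparser_crashes "$sample"
    rm -rf "$sample"
  else
    find_pacparser_crashes /Library/Logs/DiagnosticReports \
                           "$HOME/Library/Logs/DiagnosticReports"
  fi
}

main "$@"
```

Run it with --demo to see the matching logic on the constructed reports, or without arguments on an endpoint to list real hits; feed the output to your SIEM as a host-level indicator rather than relying on the generic query above.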
