CVE-2023-41973

7.3 HIGH

📋 TL;DR

This vulnerability in Zscaler Client Connector (ZSATray) allows path traversal attacks by improperly validating the 'previousInstallerName' parameter. Attackers could execute arbitrary code by manipulating this parameter to point to malicious executables. Affects Windows users running vulnerable versions of Zscaler Client Connector.

💻 Affected Systems

Products:
  • Zscaler Client Connector (ZSATray)
Versions: before 4.3.0.121
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the TrayManager component that handles installer paths.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with SYSTEM privileges, allowing complete system compromise and lateral movement within the network.

🟠 Likely Case: Local privilege escalation leading to unauthorized system access and potential credential theft.

🟢 If Mitigated: Limited impact with proper endpoint protection and least privilege principles in place.

🌐 Internet-Facing: LOW (requires local access or social engineering to exploit)
🏢 Internal Only: MEDIUM (internal attackers could exploit this for privilege escalation)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires ability to manipulate configuration parameters, likely through local access or social engineering.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.3.0.121 and later

Vendor Advisory: https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196

Restart Required: Yes

Instructions:

1. Download Zscaler Client Connector version 4.3.0.121 or later from the Zscaler portal.
2. Run the installer with administrative privileges.
3. Restart the system after installation completes.

🔧 Temporary Workarounds

Restrict configuration modification (Windows)

Limit write access to Zscaler Client Connector configuration files and directories:

icacls "C:\Program Files\Zscaler\ZSATray" /deny Users:(OI)(CI)W

Note that the quoted path must not end in a backslash: Windows argument parsing treats a trailing `\"` as an escaped quote character, so `"C:\Program Files\Zscaler\ZSATray\"` would hand icacls a mangled path instead of the directory.

🧯 If You Can't Patch

  • Implement strict endpoint security controls to detect and prevent unauthorized process execution
  • Apply principle of least privilege to all user accounts and service accounts

🔍 How to Verify

Check if Vulnerable:

Check Zscaler Client Connector version in Windows Programs and Features or via 'About' in the system tray icon

Check Version:

wmic product where "name like 'Zscaler%'" get version

Verify Fix Applied:

Confirm version is 4.3.0.121 or higher and verify no path traversal attempts in application logs
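The version check above can be scripted so it works across a fleet and also compares the binary actually on disk, not only the installer record. The following PowerShell is an added example for this page, not Zscaler's own tooling or a script from the advisory. It assumes the product appears in the standard Windows Uninstall registry keys with a DisplayName beginning with "Zscaler" (the same match the wmic query relies on) and that the tray binary lives at the path used in the workaround section, `C:\Program Files\Zscaler\ZSATray\ZSATray.exe`; both are assumptions, not facts stated by the advisory.

```powershell
# Added example (not from the advisory or from Zscaler): report whether installed
# Zscaler Client Connector components are at or above the fixed version 4.3.0.121.

$FixedVersion = [version]'4.3.0.121'

# Standard per-machine Uninstall keys (64-bit and 32-bit views). Assumption: the
# product registers itself here with a DisplayName starting with "Zscaler".
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed install location, taken from the workaround section of this page.
$TrayBinary = 'C:\Program Files\Zscaler\ZSATray\ZSATray.exe'

function Get-VersionStatus {
    # Classify a version string relative to the fixed version.
    param(
        [string]$VersionText,
        [version]$Fixed = $FixedVersion
    )
    # Strip any non-numeric suffix (e.g. build tags) so [version] can parse it.
    $clean = $VersionText -replace '[^\d.].*$', ''
    $parsed = $null
    if (-not [version]::TryParse($clean, [ref]$parsed)) { return 'UNPARSEABLE' }
    if ($parsed -ge $Fixed) { return 'PATCHED' }
    return 'VULNERABLE'
}

function Get-ZscalerInstallStatus {
    # One row per registered Zscaler product, based on the installer's DisplayVersion.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Zscaler*' -and $_.DisplayVersion } |
        ForEach-Object {
            [pscustomobject]@{
                Source  = 'Registry'
                Product = $_.DisplayName
                Version = $_.DisplayVersion
                Status  = Get-VersionStatus -VersionText $_.DisplayVersion
            }
        }
}

function Get-ZscalerBinaryStatus {
    # Cross-check the file version of the tray binary itself; a stale binary left
    # behind by a failed upgrade would not show up in the registry record.
    if (-not (Test-Path -LiteralPath $TrayBinary)) {
        return [pscustomobject]@{
            Source = 'Binary'; Product = $TrayBinary; Version = $null; Status = 'NOT FOUND'
        }
    }
    $info = (Get-Item -LiteralPath $TrayBinary).VersionInfo
    $ver  = if ($info.ProductVersion) { $info.ProductVersion } else { $info.FileVersion }
    [pscustomobject]@{
        Source  = 'Binary'
        Product = $TrayBinary
        Version = $ver
        Status  = Get-VersionStatus -VersionText $ver
    }
}

$results = @(Get-ZscalerInstallStatus) + @(Get-ZscalerBinaryStatus)
$results | Format-Table -AutoSize

# Non-zero exit code if anything is below the fixed version, for use in
# configuration-management or compliance jobs.
if ($results.Status -contains 'VULNERABLE') { exit 1 } else { exit 0 }
```

Run it in an elevated PowerShell session on each endpoint (or via your endpoint management tool); a row marked VULNERABLE or an UNPARSEABLE version string is the cue to schedule the 4.3.0.121 upgrade and restart described above.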

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from Zscaler directories
  • Path traversal patterns in Zscaler logs

Network Indicators:

  • Unexpected outbound connections from Zscaler processes

SIEM Query:

ProcessName="ZSATray.exe" AND (CommandLine CONTAINS "..\" OR CommandLine CONTAINS "../")
