writeups.xyz / Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)

Submitter : c2a

Date: 27 May 2024

Bounty : undisclosed

Vulnerabilities :

• Path Traversal
• Authentication Bypass
• Arbitrary File Delete
• DLL Hijacking
• Local Privilege Escalation
• Windows

Programs :

• Zscaler

Authors :

• Eugene Lim (@Spaceraccoonsec)
• Winston Ho

Link :
https://spaceraccoon.dev/zscaler-client-connector-local-privilege-escalation/