CVE-2023-28803 MEDIUM

CVE-2023-28803: Traffic being bypassed by ZCC by configuring synthetic IP range as local network

Vendor Zscaler
Product Client Connector
Weakness CWE-290
Published October 23, 2023
Last update September 11, 2024

CVSS base score

5.9/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.

Key dates

02Disclosure timeline

October 23, 2023 CVE published
September 11, 2024 Record updated