CVE-2023-28803Authentication Bypass by Spoofing in Client Connector

CWE-290Authentication Bypass by Spoofing3 documents3 sources
Severity
6.5MEDIUMNVD
CNA5.9
EPSS
0.0%
top 99.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zscaler Client Connector
Timeline
PublishedOct 23

Description

An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5zscaler/client_connector< 3.9

🔴Vulnerability Details

2
GHSA
GHSA-mwvw-6ggj-fhv5: An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functional2023-10-23
CVEList
Traffic being bypassed by ZCC by configuring synthetic IP range as local network2023-10-23
CVE-2023-28803 — Authentication Bypass by Spoofing | cvebase