6.5

CVE-2023-28803

Traffic being bypassed by ZCC by configuring synthetic IP range as local network

An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZscalerClient Connector SwPlatformwindows Version < 3.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.172
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
cve@zscaler.com 5.9 1.6 4.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023
Release Notes