An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.
References
Link | Resource |
---|---|
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023 | Release Notes |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Zscaler
Published: 2023-10-23T13:32:17.505Z
Updated: 2023-10-23T13:32:17.505Z
Reserved: 2023-03-23T18:29:15.803Z
Link: CVE-2023-28803
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-23T14:15:09.627
Modified: 2023-10-27T00:42:04.713
Link: CVE-2023-28803
JSON object: View
Redhat Information
No data.
CWE