CVE-2023-28803

MEDIUM

Zscaler Client Connector <3.9 - Auth Bypass

Title source: llm

Description

An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.

References (1)

Core 1

Core References

Release Notes

https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023

Scores

CVSS v3 5.9

EPSS 0.0026

EPSS Percentile 17.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-290

Status published

Products (1)

zscaler/client_connector < 3.9

Published Oct 23, 2023

Tracked Since Feb 18, 2026