CVE-2023-28803

Name of the Vulnerable Software and Affected Versions Zscaler Client Connector versions prior to 3.9

Description An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass.

Recommendations For versions prior to 3.9, update to version 3.9 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive functionalities that could be exploited through the authentication bypass until a patch is applied.