CVE-2023-28803: 
Zscaler Client Connector vulnerability analysis and mitigation

CVE-2023-28803 is an authentication bypass vulnerability affecting Zscaler Client Connector on Windows versions before 3.9. The vulnerability allows an attacker to bypass authentication through spoofing of a device with a synthetic IP address, enabling functionality bypass (NVD CVE).

The vulnerability is classified as CWE-290 (Authentication Bypass by Spoofing). According to the CVSS 3.1 scoring, it has a base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. The attack vector is Adjacent Network, requiring low attack complexity with no privileges or user interaction needed (NVD CVE).

The vulnerability primarily affects system integrity, with a High impact rating for integrity while having no direct impact on confidentiality or availability. The vulnerability allows attackers to bypass authentication mechanisms, potentially compromising the security of the affected systems (NVD CVE).

The vulnerability has been addressed in Zscaler Client Connector version 3.9 and later. Users are advised to upgrade to the latest version to mitigate this security risk (Zscaler Release).