Improper SAML signature verification
CVE-2023-28801

9.6CRITICAL

Key Information:

Vendor: Zscaler
Status: Zia Admin Portal
Vendor: CVE Published:; 31 August 2023

What is CVE-2023-28801?

The vulnerability in the SAML authentication mechanism of Zscaler's Admin UI allows for privilege escalation due to an improper verification of cryptographic signatures. This issue impacts versions of the Admin UI prior to 6.2r, making it essential for users to upgrade to secure their systems against potential exploitation.

Affected Version(s)

ZIA Admin Portal 6.2 < 6.2 (current)

References

https://help.zscaler.com/zia/release-upgrade-summary-2023

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 31, 2023
Vulnerability Reserved
Mar 23, 2023