Bypass of ZIA domain fronting detection module through evasion technique
CVE-2023-28807

7.5HIGH

Key Information:

Vendor: Zscaler
Status: ZIA
Vendor: CVE Published:; 31 January 2024

What is CVE-2023-28807?

In Zscaler Internet Access (ZIA), a vulnerability arises due to a mismatch between the Connect Host and the Server Name Indication (SNI) in Client Hello messages. This discrepancy can be exploited by attackers to bypass network security measures, effectively concealing their malicious communications within what appears to be legitimate traffic. As a result, the integrity of network security controls is compromised, posing significant risks to organizations relying on the platform for web traffic protection. Organizations are advised to implement mitigation strategies to safeguard against this vulnerability and ensure robust security protocols.

Affected Version(s)

ZIA 0 < 6.2r.290

References

https://help.zscaler.com/zia/configuring-advanced-setting...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 31, 2024
Vulnerability Reserved
Mar 23, 2023

Credit

Citi Red Team