Zscaler Client Connector Health Check Port Control Bypass Vulnerability

A vulnerability exists in Zscaler Client Connector for Windows, specifically in versions 4.6.0.216 and 4.7.0.47, where the health check port did not properly release traffic after use. This flaw allowed certain data to bypass Zscaler Client Connector's forwarding controls, potentially disrupting intended traffic management.

Impact

Exploitation of this vulnerability could lead to unauthorized traffic bypassing Zscaler Client Connector's forwarding controls, allowing applications to send or receive data without going through the Zscaler service as intended. This could disrupt network policies or security measures that rely on Zscaler's traffic management.

Reproduction

The vulnerability can be reproduced by using Zscaler Client Connector versions 4.6.0.216 or 4.7.0.47 on Windows. Under specific conditions, the health check port will not release traffic properly, allowing it to bypass Zscaler's forwarding controls. This can be observed by monitoring the application's traffic management behavior, which will show unauthorized bypasses.

Remediation

Users can upgrade to Zscaler Client Connector version 4.8 or later, where this issue has been addressed.