Predictable Authentication Bypass in SonicWall SSLVPN Product
CVE-2024-40762

Currently unrated

Key Information:

Vendor: Sonicwall
Status: Sonicos
Vendor: CVE Published:; 9 January 2025

🔔 Create Sonicwall Vulnerability Alert

Badges

📰 News Worthy

What is CVE-2024-40762?

This vulnerability involves the use of a Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the authentication token generator of SonicWall's SSLVPN. In certain scenarios, an attacker can predict the generated tokens, leading to potential authentication bypass. This flaw can compromise user accounts, grant unauthorized access, and expose sensitive data. It is crucial for users to apply the latest security updates to mitigate this issue.

Affected Version(s)

SonicOS Gen7 Hardware 7.1.1-7058 and older versions

SonicOS Gen7 Hardware 7.1.2-7019

SonicOS Gen7 Hardware 8.0.0-8035

News Articles

Cyber Security News

CVE-2024-40762 CVE-2024-53704

Multiple Sonicwall VPN Vulnerabilities Let Attackers Bypass Authentication

A new security advisory has been released regarding several vulnerabilities in SonicWall's SonicOS software, bypass authentication mechanisms.

thmubnail image

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2025
📰
First article discovered by Cyber Security News
Jan 8, 2025
Vulnerability Reserved
Jul 10, 2024

Credit

Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security through Trend Micro (Zero Day Initiative)

.