Predictable Authentication Bypass in SonicWall SSLVPN Product
CVE-2024-40762

Currently unrated

Key Information:

Vendor: SonicWall
Status: Vendor
CVE Published: 9 January 2025

Summary

This vulnerability involves the use of a Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the authentication token generator of SonicWall's SSLVPN. In certain scenarios, an attacker can predict the generated tokens, leading to potential authentication bypass. This flaw can compromise user accounts, grant unauthorized access, and expose sensitive data. It is crucial for users to apply the latest security updates to mitigate this issue.

Affected Version(s)

SonicOS Gen7 Hardware 7.1.1-7058 and older versions

SonicOS Gen7 Hardware 7.1.2-7019

SonicOS Gen7 Hardware 8.0.0-8035

News Articles

Multiple Sonicwall VPN Vulnerabilities Let Attackers Bypass Authentication

A new security advisory has been released regarding several vulnerabilities in SonicWall's SonicOS software that could allow attackers to bypass authentication mechanisms.

Timeline

  • Vulnerability published

  • First article discovered by Cyber Security News

  • Vulnerability Reserved

Credit

Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security through Trend Micro (Zero Day Initiative).