Predictable Pseudo-Random Number Generator Vulnerability in SonicWall SMA100 SSLVPN
CVE-2024-53702

Currently unrated

Key Information:

Vendor: Sonicwall
Status: Sma100
Vendor: CVE Published:; 5 December 2024

Summary

Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.

Affected Version(s)

SMA100 Linux 10.2.1.13-72sv and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

Timeline

Vulnerability published
Dec 5, 2024
Vulnerability Reserved
Nov 22, 2024

Credit

Alain Mowat of Orange Cyberdefense, Switzerland.