Predictable Pseudo-Random Number Generator Vulnerability in SonicWall SMA100 SSLVPN

CVE-2024-53702

Currently unrated 🤨

Key Information

Vendor: Sonicwall
Status: Sma100
Vendor: CVE Published:; 5 December 2024

Summary

Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.

Affected Version(s)

SMA100 = 10.2.1.13-72sv and earlier versions

Refferences

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

Timeline

Vulnerability published
Dec 5, 2024
Vulnerability Reserved
Nov 22, 2024

Collectors

NVD DatabaseMitre Database

Credit

Alain Mowat of Orange Cyberdefense, Switzerland.