Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.
History

Thu, 05 Dec 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Sonicwall
Sonicwall sma100 Firmware
CPEs cpe:2.3:o:sonicwall:sma100_firmware:*:*:*:*:*:*:*:*
Vendors & Products Sonicwall
Sonicwall sma100 Firmware
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 05 Dec 2024 14:00:00 +0000

Type Values Removed Values Added
Description Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.
Weaknesses CWE-338
References

cve-icon MITRE

Status: PUBLISHED

Assigner: sonicwall

Published: 2024-12-05T13:53:37.282Z

Updated: 2024-12-05T15:10:12.280Z

Reserved: 2024-11-22T09:54:04.963Z

Link: CVE-2024-53702

cve-icon Vulnrichment

Updated: 2024-12-05T15:09:27.965Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-12-05T14:15:21.880

Modified: 2024-12-05T16:15:26.077

Link: CVE-2024-53702

cve-icon Redhat

No data.