CVE-2024-40762

Summary

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.

Affected Software

VendorProductVersion RangeStatus
SonicWallSonicOS7.1.1-7058 and older versionsaffected
SonicWallSonicOS7.1.2-7019affected
SonicWallSonicOS8.0.0-8035affected

Weaknesses

  • CWE-338: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References