CVE-2024-53702

Summary

Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.

Affected Software

VendorProductVersion RangeStatus
SonicWallSMA10010.2.1.13-72sv and earlier versionsaffected

Weaknesses

  • CWE-338: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References