Vulnerability in Sonicwall Sma100

CVE-2024-53702

Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.

EPSS: 0.004 (59.3th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sma100 — versions 10.2.1.13-72sv and earlier versions

Weakness classification (CWE)

CWE-338 — Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018 (vendor-advisory)