CVE-2024-53702 — Use of Cryptographically Weak Pseudo-Random Number Generator in SMA 200 Firmware

CWE-338 — Use of Cryptographically Weak Pseudo-Random Number Generator3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 49.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sonicwall SMA 200 Firmware Sonicwall SMA 210 Firmware Sonicwall SMA 400 Firmware +3 more

Timeline

PublishedDec 5

Description

Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages6 packages

▶CVEListV5sonicwall/sma10010.2.1.13-72sv and earlier versions

▶NVDsonicwall/sma_200_firmware< 10.2.1.14-75sv

▶NVDsonicwall/sma_210_firmware< 10.2.1.14-75sv

▶NVDsonicwall/sma_400_firmware< 10.2.1.14-75sv

▶NVDsonicwall/sma_410_firmware< 10.2.1.14-75sv

🔴Vulnerability Details

CVEList

CVE-2024-53702: Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certai↗2024-12-05

▶

GHSA

GHSA-r2f4-w3vh-wpxj: Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certai↗2024-12-05

▶