{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40762", "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "state": "PUBLISHED", "assignerShortName": "sonicwall", "dateReserved": "2024-07-10T15:58:49.461Z", "datePublished": "2025-01-09T06:43:25.000Z", "dateUpdated": "2025-01-09T15:08:11.330Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Gen7 Hardware", "Gen7 NSv", "TZ80"], "product": "SonicOS", "vendor": "SonicWall", "versions": [{"status": "affected", "version": "7.1.1-7058 and older versions"}, {"status": "affected", "version": "7.1.2-7019"}, {"status": "affected", "version": "8.0.0-8035"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security through Trend Micro (Zero Day Initiative)"}], "datePublic": "2025-01-08T06:41:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.</span>"}], "value": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall", "dateUpdated": "2025-01-09T06:43:25.000Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003"}], "source": {"advisory": "SNWLID-2025-0003", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-09T15:07:45.484453Z", "id": "CVE-2024-40762", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-09T15:08:11.330Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-40762", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-09T15:07:45.484453Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-09T15:08:03.732Z"}}], "cna": {"source": {"advisory": "SNWLID-2025-0003", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security through Trend Micro (Zero Day Initiative)"}], "affected": [{"vendor": "SonicWall", "product": "SonicOS", "versions": [{"status": "affected", "version": "7.1.1-7058 and older versions"}, {"status": "affected", "version": "7.1.2-7019"}, {"status": "affected", "version": "8.0.0-8035"}], "platforms": ["Gen7 Hardware", "Gen7 NSv", "TZ80"], "defaultStatus": "unknown"}], "datePublic": "2025-01-08T06:41:00.000Z", "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"}]}], "providerMetadata": {"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall", "dateUpdated": "2025-01-09T06:43:25.000Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40762", "state": "PUBLISHED", "dateUpdated": "2025-01-09T15:08:11.330Z", "dateReserved": "2024-07-10T15:58:49.461Z", "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "datePublished": "2025-01-09T06:43:25.000Z", "assignerShortName": "sonicwall"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass."}, {"lang": "es", "value": "Uso de un generador de n\u00fameros pseudoaleatorios criptogr\u00e1ficamente d\u00e9bil (PRNG) en SonicOS SSLVPN authentication token generator que, en ciertos casos, puede ser predicho por un atacante, lo que potencialmente puede resultar en una omisi\u00f3n de la autenticaci\u00f3n."}], "id": "CVE-2024-40762", "lastModified": "2025-01-09T15:15:15.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-01-09T07:15:26.730", "references": [{"source": "PSIRT@sonicwall.com", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003"}], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-338"}], "source": "PSIRT@sonicwall.com", "type": "Secondary"}]}

{}