PT-2024-9234 · Sonicwall · Sonicwall Sma100

Alain Mowat · Published 2024-12-03 · Updated 2024-12-06 · CVE-2024-53702

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: SonicWall SMA100 series (affected versions not specified)
Description: The issue is the use of a cryptographically weak pseudo-random number generator (PRNG) in the SonicWall SMA100 SSLVPN backup code generator. A remote attacker can exploit this weakness to potentially expose protected information. In certain cases the PRNG's output is predictable, which may allow an attacker to recover the generated secret.
Recommendations: For SonicWall SMA100 series, consider disabling the use of the PRNG in the SSLVPN backup code generator until a patch or fix is available. As a temporary workaround, restrict access to the SSLVPN backup code generator to minimize the risk of exploitation. Avoid using the SSLVPN backup code generator until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2024-10922
CVE-2024-53702

Affected Products

Sonicwall Sma100