CVE-2024-40762

{"id": "CVE-2024-40762", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-01-09T07:15:26.730", "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-338"}]}], "descriptions": [{"lang": "en", "value": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass."}, {"lang": "es", "value": "Uso de un generador de n\u00fameros pseudoaleatorios criptogr\u00e1ficamente d\u00e9bil (PRNG) en SonicOS SSLVPN authentication token generator que, en ciertos casos, puede ser predicho por un atacante, lo que potencialmente puede resultar en una omisi\u00f3n de la autenticaci\u00f3n."}], "lastModified": "2025-01-09T15:15:15.370", "sourceIdentifier": "[email protected]"}