CVERadar

CVE-2024-40762

Critical Severity
SVRS: 84/100
CVSSv3: 9.8/10
EPSS: 0.00072/1

CVE-2024-40762 is a critical vulnerability in SonicOS SSLVPN: the authentication token generator uses a cryptographically weak pseudo-random number generator (PRNG). An attacker can potentially predict these tokens, leading to authentication bypass. With an SVRS of 84, CVE-2024-40762 is considered a critical threat requiring immediate action due to the high probability of exploitation. The weakness is classified as CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator). Successful exploitation allows unauthorized access to systems protected by SonicOS SSLVPN. Because this vulnerability is tagged as "In The Wild", administrators must apply the vendor-supplied patches immediately to mitigate the risk of compromise.

In The Wild
Vendor-advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2025-01-09

2025-01-09

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Focus Friday: Third-Party Risks In PostgreSQL and Zimbra Vulnerabilities
Ferdi Gül, 2025-04-01 (normshield.com)
This week’s Focus Friday blog highlights two critical vulnerabilities impacting enterprise systems: CVE-2025-1094 in PostgreSQL and CVE-2023-34192 in Zimbra Collaboration Suite (ZCS). These vulnerabilities pose significant risks to third-party ecosystems, potentially leading to SQL injection attacks in PostgreSQL and Cross-Site Scripting (XSS) exploits in Zimbra. As organizations continue to rely on […]

CVE-2024-40762 | SonicWALL SonicOS SSL VPN weak prng (SNWLID-2025-0003 / Nessus ID 232198)
vuldb.com, 2025-03-07
A vulnerability has been found in SonicWALL SonicOS and classified as problematic. This vulnerability affects unknown code of the component SSL VPN. The manipulation leads to cryptographically weak prng. This vulnerability was named CVE-2024-40762. The attack can be initiated remotely. There is no exploit available. It is

ZDI-25-011: SonicWALL NSv Cryptographically Weak PRNG Authentication Bypass Vulnerability
2025-03-01
This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL NSv. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-40762.

FOCUS FRIDAY: Third-Party Risks From Critical Juniper Junos, Rsync, and SimpleHelp Vulnerabilities
Ferdi Gül, 2025-03-01 (normshield.com)
Welcome to this week’s Focus Friday, where we dive into key vulnerabilities impacting widely used technologies. This installment highlights three significant incidents that pose unique challenges to third-party risk management (TPRM) teams. From Juniper Junos OS to Rsync and SimpleHelp, we explore how these vulnerabilities affect the security posture of vendors […]

FOCUS FRIDAY: TPRM Insights on FortiGate, QNAP, Mongoose, and W3 Total Cache Vulnerabilities with Black Kite’s FocusTags™
Ferdi Gül, 2025-03-01 (normshield.com)
In today’s interconnected digital landscape, the rapid emergence of critical vulnerabilities demands an agile and informed approach to Third-Party Risk Management (TPRM). This week’s Focus Friday blog highlights high-profile incidents involving vulnerabilities in FortiGate firewalls, QNAP NAS systems, Mongoose, and the W3 Total Cache WordPress plugin. Each of these vulnerabilities poses […]

Focus Friday: Addressing Third-Party Risks in PAN-OS, Ivanti Connect Secure, Zimbra, and Cacti Vulnerabilities
Ferdi Gül, 2025-02-14 (normshield.com)
In this week’s Focus Friday, we examine high-impact vulnerabilities affecting Palo Alto Networks PAN-OS, Ivanti Connect Secure, Zimbra Collaboration, and Cacti, all of which pose significant third-party risk concerns. These vulnerabilities range from remote code execution (RCE) flaws to SQL injection attacks that could lead to data breaches, system takeovers, and […]

Focus Friday: Addressing Critical Vulnerabilities in SonicWall, Ivanti, Progress, and GoCD
Ferdi Gül, 2025-01-10 (normshield.com)
Welcome to this week’s Focus Friday blog, where we analyze high-profile vulnerabilities and incidents from a Third-Party Risk Management (TPRM) perspective. As organizations grapple with the growing complexities of cybersecurity threats, identifying and addressing vendor-related risks becomes paramount. This week, we had a busy week focusing on vulnerabilities. In this week’s […]

Social Media

SonicWALL NSv Cryptographically Weak PRNG Authentication Bypass Vulnerability (CVE-2024-40762) #CVE202440762 #CyberSecurity #SonicWall https://t.co/7IXtCCtdVY
CVE-2024-53704, CVE-2024-40762, CVE-2024-53705, CVE-2024-53706 alert 🚨 SonicWall improper authentication vulnerability in the SSLVPN. The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers' assets are protected. 🦉 #CyberSec #SonicWall https://t.co/XkFkfP0K2G

Affected Software

No affected software found for this CVE

References

| Reference | Link |
|---|---|
| [email protected] | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 |

CWE Details

| CWE ID | CWE Name | Description |
|---|---|---|
| CWE-338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong. |
