What the vulnerability does

01Description

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.

Key dates

02Disclosure timeline

January 9, 2025 CVE published
January 9, 2025 Record updated