CVE-2024-12802

Published: Jan 9, 2025

Modified: May 22, 2026

PUBLISHED

Description

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name.

Vendor	Product	Versions
SonicWall	SonicOS	affected `6.5.4.4-44v-21-2457 and older versions` affected `6.5.4.15-117n and older versions` affected `7.0.1-5161 and older versions` affected `7.1.1-7058 and older versions` affected `7.1.2-7019` +1 more versions

Weaknesses (CWE)

CWE-305

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-12802

Description

Affected Products

Weaknesses (CWE)

References