CVE-2024-12802
CRITICAL EXPLOITEDSonicOS Authentication Bypass via UPN/SAM Account Name Handling
Title source: llmExploitation Summary
CVE-2024-12802 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name.
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001
Scores
CVSS v3
9.1
EPSS
0.0040
EPSS Percentile
31.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2026-05-19
CWE
CWE-305
Status
published
Products (6)
SonicWall/SonicOS
6.5.4.15-117n and older versions
SonicWall/SonicOS
6.5.4.4-44v-21-2457 and older versions
SonicWall/SonicOS
7.0.1-5161 and older versions
SonicWall/SonicOS
7.1.1-7058 and older versions
SonicWall/SonicOS
7.1.2-7019
SonicWall/SonicOS
8.0.0-8035
Published
Jan 09, 2025
Tracked Since
Feb 18, 2026