Cyber Resilience

CVE-2024-12802

Critical

Published: 09 January 2025

Published
09 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0009 26.5th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-12802 is a critical-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in Sonicwall (inferred from references). Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2024-12802 is an MFA bypass vulnerability in SonicWALL SSL-VPN products, arising in specific cases when integrated with Microsoft Active Directory. The issue stems from the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names, which allows MFA to be configured independently for each login method. This misconfiguration enables attackers to bypass MFA by exploiting the alternative account name format. The vulnerability is rated with a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-305 (Authentication Bypass Using an Alternate Path or Channel).

Unauthenticated attackers with network access can exploit this vulnerability with low complexity and no user interaction required. By leveraging the discrepancy in UPN and SAM account name handling, they can bypass MFA protections during login attempts, potentially gaining unauthorized access to the SSL-VPN gateway. Successful exploitation results in high-impact confidentiality and integrity violations, such as accessing sensitive network resources or modifying VPN sessions, without affecting availability.

SonicWALL has published security advisory SNWLID-2025-0001 at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001, which provides details on the vulnerability and recommended mitigations. Security practitioners should consult this advisory for patch availability, configuration guidance, and workarounds to address the MFA bypass risk in affected deployments.

EU & UK References

Vulnerability details

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently…

more

for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1133 External Remote Services Persistence
Adversaries may leverage external-facing remote services to initially access and/or persist within a network.
T1078 Valid Accounts Stealth
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

CVE enables direct exploitation of public-facing SSL-VPN for MFA bypass to obtain unauthorized access via valid AD accounts.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-22153Shared CWE-305
CVE-2026-33892Shared CWE-305
CVE-2026-6266Shared CWE-305
CVE-2025-68435Shared CWE-305
CVE-2025-36386Shared CWE-305
CVE-2026-30849Shared CWE-305
CVE-2025-13915Shared CWE-305
CVE-2025-47776Shared CWE-305
CVE-2026-2652Shared CWE-305
CVE-2026-4670Shared CWE-305

Affected Assets

Sonicwall
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation of known flaws, such as applying SonicWALL patches for CVE-2024-12802 to eliminate the MFA bypass vulnerability.

prevent

Mandates multi-factor authentication and secure configuration for remote access mechanisms like SSL-VPN to block unauthorized access via alternate account name exploitation.

prevent

Ensures robust organizational user identification and authentication, including MFA, preventing bypass through discrepancies in UPN and SAM account name handling.

References