CVE-2024-12802
Published: 09 January 2025
Summary
CVE-2024-12802 is a critical-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in SonicWall (inferred from references). Its CVSS base score is 9.1 (Critical).
Operationally, it ranks at the 18.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and IA-2 (Identification and Authentication (Organizational Users)).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Requires timely remediation of known flaws, such as applying SonicWALL patches for CVE-2024-12802 to eliminate the MFA bypass vulnerability.
- Mandates multi-factor authentication and secure configuration for remote access mechanisms like SSL-VPN to block unauthorized access via alternate account name exploitation.
- Ensures robust organizational user identification and authentication, including MFA, preventing bypass through discrepancies in UPN and SAM account name handling.
NVD Description
SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name.
Deeper analysis
CVE-2024-12802 is an MFA bypass vulnerability in SonicWALL SSL-VPN products, arising in specific cases when integrated with Microsoft Active Directory. The issue stems from the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names, which allows MFA to be configured independently for each login method. This misconfiguration enables attackers to bypass MFA by exploiting the alternative account name format. The vulnerability is rated with a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-305 (Authentication Bypass by Primary Weakness).
Unauthenticated attackers with network access can exploit this vulnerability with low complexity and no user interaction required. By leveraging the discrepancy in UPN and SAM account name handling, they can bypass MFA protections during login attempts, potentially gaining unauthorized access to the SSL-VPN gateway. Successful exploitation results in high-impact confidentiality and integrity violations, such as accessing sensitive network resources or modifying VPN sessions, without affecting availability.
SonicWALL has published security advisory SNWLID-2025-0001 at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001, which provides details on the vulnerability and recommended mitigations. Security practitioners should consult this advisory for patch availability, configuration guidance, and workarounds to address the MFA bypass risk in affected deployments.
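A defender-side check for the UPN/SAM discrepancy described above, as an added example that is not from SonicWALL or the original page: it maps both login-name forms to one identity and flags successful logins without MFA where the same identity uses MFA under the other name form. The event fields, the directory map and the sample events are constructed assumptions, not a SonicWALL log format.

```python
from collections import defaultdict

# Constructed directory extract: sAMAccountName -> userPrincipalName (assumption).
DIRECTORY = {
    "jdoe": "jane.doe@corp.example",
    "bsmith": "bob.smith@corp.example",
}

def canonical_identity(login, directory=DIRECTORY):
    """Map a UPN, DOMAIN\\sam or bare sam login name to one key (lower-cased UPN)."""
    name = login.strip().lower()
    if "@" in name:                       # already in UPN form
        return name
    if "\\" in name:                      # DOMAIN\sam form: drop the domain prefix
        name = name.split("\\", 1)[1]
    return directory.get(name)            # None when the SAM name is unknown

def name_form(login):
    """Classify the login name as the 'upn' or 'sam' form."""
    return "upn" if "@" in login else "sam"

def find_mfa_gaps(events, directory=DIRECTORY):
    """Return (identity, login, src) for successful non-MFA logins by identities
    that were seen completing MFA under the other name form."""
    mfa_forms = defaultdict(set)          # identity -> name forms seen with MFA
    for ev in events:
        ident = canonical_identity(ev["login"], directory)
        if ident and ev["success"] and ev["mfa"]:
            mfa_forms[ident].add(name_form(ev["login"]))
    gaps = []
    for ev in events:
        ident = canonical_identity(ev["login"], directory)
        if not ident or not ev["success"] or ev["mfa"]:
            continue
        if mfa_forms.get(ident, set()) - {name_form(ev["login"])}:
            gaps.append((ident, ev["login"], ev["src"]))
    return gaps

# Constructed sample events; source addresses are documentation ranges.
SAMPLE_EVENTS = [
    {"login": "jane.doe@corp.example", "success": True, "mfa": True, "src": "198.51.100.10"},
    {"login": "CORP\\jdoe", "success": True, "mfa": False, "src": "203.0.113.77"},
    {"login": "bsmith", "success": True, "mfa": False, "src": "198.51.100.20"},
    {"login": "bob.smith@corp.example", "success": False, "mfa": False, "src": "198.51.100.20"},
    {"login": "CORP\\ghost", "success": True, "mfa": False, "src": "203.0.113.5"},
]

if __name__ == "__main__":
    for ident, login, src in find_mfa_gaps(SAMPLE_EVENTS):
        print(f"MFA gap: {ident} logged in as {login!r} from {src} without MFA")
```

Accounts that never complete MFA under either name form are not flagged here; they call for a separate enrolment audit.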
Details
- CWE(s)