CVE-2024-12802

🗓️ 09 Jan 2025 09:08:26Reported by sonicwallType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 85 Views

SSL-VPN MFA Bypass in SonicWALL could allow attackers to bypass MFA using alternative account names.

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the SSL VPN remote access technology for SonicOS operating systems allows a hacker to increase their privileges.	13 Jan 202500:00	–	bdu_fstec
Circl	CVE-2024-12802	7 Jan 202512:38	–	circl
CNNVD	SonicWALL SSL-VPN 安全漏洞	9 Jan 202500:00	–	cnnvd
Cvelist	CVE-2024-12802	9 Jan 202509:08	–	cvelist
EUVD	EUVD-2024-51116	3 Oct 202520:07	–	euvd
NVD	CVE-2024-12802	9 Jan 202509:15	–	nvd
Positive Technologies	PT-2025-1026	7 Jan 202500:00	–	ptsecurity
SonicWall	SSL-VPN MFA Bypass Due to UPN and SAM Account Handling in Microsoft AD	7 Jan 202516:56	–	sonicwall
VulnCheck KEV	VulnCheck KEV: CVE-2024-12802	19 May 202600:00	–	vulncheck_kev
Vulnrichment	CVE-2024-12802	9 Jan 202509:08	–	vulnrichment

Vulners

Node

sonicwall sonicosRange≤6.5.4.4-44v-21-2457

sonicwall sonicosRange≤6.5.4.15-117n

sonicwall sonicosRange≤7.0.1-5161

sonicwall sonicosRange≤7.1.1-7058

sonicwall sonicosRange≤7.1.2-7019

sonicwall sonicosRange≤8.0.0-8035

AND

sonicwall gen6_hardware

sonicwall gen6_nsv

sonicwall gen7_hardware

sonicwall gen7_nsv

sonicwall tz80

[
  {
    "defaultStatus": "unknown",
    "platforms": [
      "Gen6 NSv",
      "Gen6 Hardware",
      "Gen7 Hardware",
      "Gen7 NSv",
      "TZ80"
    ],
    "product": "SonicOS",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "6.5.4.4-44v-21-2457 and older versions"
      },
      {
        "status": "affected",
        "version": "6.5.4.15-117n and older versions"
      },
      {
        "status": "affected",
        "version": "7.0.1-5161 and older versions"
      },
      {
        "status": "affected",
        "version": "7.1.1-7058 and older versions"
      },
      {
        "status": "affected",
        "version": "7.1.2-7019"
      },
      {
        "status": "affected",
        "version": "8.0.0-8035"
      }
    ]
  }
]

Source	Link
psirt	www.psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001

17 Jun 2026 07:00Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.19.1

EPSS0.00397

SSVC