CVE-2024-12802

🗓️ 09 Jan 2025 09:08:26Reported by sonicwallType

SSL-VPN MFA Bypass in SonicWALL allows attacks via separate UPN and SAM account handling.

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the SSL VPN remote access technology for SonicOS operating systems allows a hacker to increase their privileges.	13 Jan 202500:00	–	bdu_fstec
Circl	CVE-2024-12802	7 Jan 202512:38	–	circl
CNNVD	SonicWALL SSL-VPN 安全漏洞	9 Jan 202500:00	–	cnnvd
CVE	CVE-2024-12802	9 Jan 202509:08	–	cve
EUVD	EUVD-2024-51116	3 Oct 202520:07	–	euvd
NVD	CVE-2024-12802	9 Jan 202509:15	–	nvd
Positive Technologies	PT-2025-1026	7 Jan 202500:00	–	ptsecurity
SonicWall	SSL-VPN MFA Bypass Due to UPN and SAM Account Handling in Microsoft AD	7 Jan 202516:56	–	sonicwall
VulnCheck KEV	VulnCheck KEV: CVE-2024-12802	19 May 202600:00	–	vulncheck_kev
Vulnrichment	CVE-2024-12802	9 Jan 202509:08	–	vulnrichment

[
  {
    "defaultStatus": "unknown",
    "platforms": [
      "Gen6 NSv",
      "Gen6 Hardware",
      "Gen7 Hardware",
      "Gen7 NSv",
      "TZ80"
    ],
    "product": "SonicOS",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "6.5.4.4-44v-21-2457 and older versions"
      },
      {
        "status": "affected",
        "version": "6.5.4.15-117n and older versions"
      },
      {
        "status": "affected",
        "version": "7.0.1-5161 and older versions"
      },
      {
        "status": "affected",
        "version": "7.1.1-7058 and older versions"
      },
      {
        "status": "affected",
        "version": "7.1.2-7019"
      },
      {
        "status": "affected",
        "version": "8.0.0-8035"
      }
    ]
  }
]

Source	Link
psirt	www.psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001

09 Jan 2025 09:08Current

EPSS0.00095

CWE-305