Critical severity9.1NVD Advisory· Published Jan 9, 2025· Updated Apr 15, 2026
CVE-2024-12802
CVE-2024-12802
Description
SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name.
Affected products
1Patches
Vulnerability mechanics
References
1News mentions
2- CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration., (Tue, Jun 23rd)SANS Internet Storm Center · Jun 23, 2026
- Hackers bypass SonicWall VPN MFA due to incomplete patchingBleepingComputer · May 20, 2026