CVE-2024-12802

CVE-2024-12802 is an MFA bypass vulnerability in SonicWALL SSL-VPN products, arising in specific cases when integrated with Microsoft Active Directory. The issue stems from the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names, which allows MFA to be configured independently for each login method. This misconfiguration enables attackers to bypass MFA by exploiting the alternative account name format. The vulnerability is rated with a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-305 (Authentication Bypass Using an Alternate Path or Channel).

Unauthenticated attackers with network access can exploit this vulnerability with low complexity and no user interaction required. By leveraging the discrepancy in UPN and SAM account name handling, they can bypass MFA protections during login attempts, potentially gaining unauthorized access to the SSL-VPN gateway. Successful exploitation results in high-impact confidentiality and integrity violations, such as accessing sensitive network resources or modifying VPN sessions, without affecting availability.

SonicWALL has published security advisory SNWLID-2025-0001 at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001, which provides details on the vulnerability and recommended mitigations. Security practitioners should consult this advisory for patch availability, configuration guidance, and workarounds to address the MFA bypass risk in affected deployments.