Vulnerability in Sonicwall Sonicos

CVE-2024-12802

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to…

EPSS: 0.001 (26.4th percentile)

Affected products

  • Sonicwall Sonicos: versions 6.5.4.4-44v-21-2457 and older, 6.5.4.15-117n and older, 7.0.1-5161 and older

Frequently asked questions

What is CVE-2024-12802?
CVE-2024-12802 is a vulnerability in Sonicwall Sonicos, classified under Authentication Bypass by Primary Weakness. Published 2025-01-09.
Is CVE-2024-12802 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.