SonicWall SSL VPN Vulnerability CVE-2024-12802 Actively Exploited Despite Patching

SonicWall SSL VPN Vulnerability CVE-2024-12802 Actively Exploited Despite Patching

First seen 19 May 2026, 17:24 UTC Cybersecuritydivereliaquest.comBleepingcomputerSecurityaffairs.CoScworld+3 88% similarity 72.6

Article Content

Browse articles
ThreatCluster

A wave of attacks exploiting CVE-2024-12802, an authentication bypass vulnerability in SonicWall SSL VPN appliances, began in February 2026. Despite a firmware patch issued in 2025, attackers were able to bypass multifactor authentication (MFA) using brute-force techniques without triggering alerts. ReliaQuest identified multiple incidents where attackers accessed internal networks within minutes, deploying pre-ransomware tools. The vulnerability affects Gen6 devices, which require six additional manual reconfiguration steps for full remediation. SonicWall's advisory did not emphasize these steps, leading to a false sense of security among users. The flaw was rated 6.5 by SonicWall but assessed as critical (9.1) by CISA. The attacks are consistent with tactics used by the Akira ransomware group, which previously targeted SonicWall customers. Gen6 appliances reached end-of-life status on April 16, 2026, meaning they are no longer supported.

Key Points: • CVE-2024-12802 allows MFA bypass in SonicWall SSL VPN appliances. • Attackers exploited the vulnerability using brute-force methods without triggering alerts. • Gen6 devices require six additional steps for complete remediation post-patch.

ThreatCluster AI

Timeline

2023-10-10
CVE-2023-4966 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2025-01-09
CVE-2024-12802 published
SonicWall disclosed an authentication bypass vulnerability affecting SSL VPN appliances.
ReliaQuest
2026-02-01
Exploitation begins
Attackers started exploiting CVE-2024-12802, bypassing MFA in SonicWall devices.
Cybersecurity Dive
2026-04-16
Gen6 appliances reach end-of-life
SonicWall announced that Gen6 devices would no longer receive support or updates.
Cybersecurity Dive
2026-05-19
ReliaQuest report released
ReliaQuest published findings on the ongoing exploitation of CVE-2024-12802, detailing attack patterns.
ReliaQuest

Community

Browse all →