SonicWall SSL VPN Vulnerability CVE-2024-12802 Actively Exploited Despite Patching
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A wave of attacks exploiting CVE-2024-12802, an authentication bypass vulnerability in SonicWall SSL VPN appliances, began in February 2026. Despite a firmware patch issued in 2025, attackers were able to bypass multifactor authentication (MFA) using brute-force techniques without triggering alerts. ReliaQuest identified multiple incidents where attackers accessed internal networks within minutes, deploying pre-ransomware tools. The vulnerability affects Gen6 devices, which require six additional manual reconfiguration steps for full remediation. SonicWall's advisory did not emphasize these steps, leading to a false sense of security among users. The flaw was rated 6.5 by SonicWall but assessed as critical (9.1) by CISA. The attacks are consistent with tactics used by the Akira ransomware group, which previously targeted SonicWall customers. Gen6 appliances reached end-of-life status on April 16, 2026, meaning they are no longer supported.
Key Points: • CVE-2024-12802 allows MFA bypass in SonicWall SSL VPN appliances. • Attackers exploited the vulnerability using brute-force methods without triggering alerts. • Gen6 devices require six additional steps for complete remediation post-patch.