Threat actors are exploiting CVE-2024-12802 (CVSS 9.1), a critical vulnerability in SonicWall Gen6 SSL-VPN appliances that allows MFA bypass via a specific user principal name (UPN) login format, enabling network access and deployment of tools like Cobalt Strike. The Gen6 appliances reached end-of-life on April 16, 2024, and while newer Gen7/Gen8 devices are patched via firmware, Gen6 devices require manual LDAP server reconfiguration as a workaround; migration to supported versions is critical.
Vulnerability Management Attackers exploit SonicWall VPN vulnerability to bypass MFA May 21, 2026 Share By SC Staff (Credit: monticellllo – stock.adobe.com) Threat actors are exploiting a vulnerability in SonicWall Gen6 SSL-VPN appliances, allowing them to bypass multi-factor authentication (MFA) and deploy tools for ransomware attacks. The attackers are using brute-force methods to gain access to VPN credentials, and then exploiting CVE-2024-12802 to circumvent MFA protections, according to ReliaQuest. This vulnerability has been observed in multiple environments, as reported by Bleeping Computer. The vulnerability, CVE-2024-12802, allows threat actors to bypass MFA on SonicWall Gen6 SSL-VPN appliances by using a specific user principal name (UPN) login format. Attackers can gain access to internal networks within 30 to 60 minutes, conduct reconnaissance, and attempt to deploy tools like Cobalt Strike. While firmware updates mitigate the risk on newer Gen7 and Gen8 devices, Gen6 devices require manual reconfiguration of the LDAP server to fully address the vulnerability. ReliaQuest researchers believe the attackers are acting as initial access brokers, selling access to other threat groups. The Gen6 appliances reached end-of-life on April 16, 2024, making migration to supported versions a critical step for organizations. Source: Bleeping Computer SC Staff Related Application security APIs under pressure: How AI is rewriting the rules of enterprise security Paul Wagenseil May 20, 2026 The rapid growth of AI has created an explosion of APIs that will require new techniques to manage. Vulnerability Management Max-severity vulnerability in ChromaDB allows unauthenticated remote code execution SC Staff May 20, 2026 The vulnerability affects the Python API server logic within the PyPI package, which sees nearly 14 million monthly downloads. Vulnerability Management Drupal releases emergency security update amid exploit concerns SC Staff May 20, 2026 While the specific type of vulnerability has not been disclosed, the urgency of the advisory suggests a serious flaw with a potentially short window between patch release and active exploitation. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Bug Buffer Overflow Disassembly You can skip this ad in 5 seconds