- Description
- SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name.
- Source
- PSIRT@sonicwall.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
- PSIRT@sonicwall.com
- CWE-305
- Hype score
- Not currently trending
CVE-2024-12802 MFA Bypass Vulnerability in SonicWALL SSL-VPN via UPN/SAM Confusion The SSL-VPN in SonicWALL has an MFA bypass issue. This can happen when using UPN and SAM account names with Microsoft Active Dire... https://t.co/dKNL3w0lr3
@VulmonFeeds
9 Jan 2025
73 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12802 SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) accou… https://t.co/xAMLsrrYwC
@CVEnew
9 Jan 2025
415 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes