Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

SonicWall Gen6 SSL-VPN MFA-bypass flaw (CVE-2024-12802)

Vulnerability
First reported
Last updated
Happening score
H score 50
1 unique sources, 1 articles

Summary

Hide ▲

Researchers confirmed first-in-the-wild exploitation of CVE-2024-12802 against SonicWall Gen6 SSL-VPN appliances, showing that incomplete remediation can leave MFA bypass exposure and enable initial access. The activity was observed between February and March across multiple environments, with defenders initially seeing systems that were patched but not fully fixed. The flaw matters because attackers used valid credentials to slip past MFA and reach internal networks.

Related Happenings

Sharp rise in brute-force attempts against SonicWall and Fortinet edge devices

Target Trend
First: 15.04.2026 12:30 Last: 15.04.2026 12:30 Sources 1

About this happening: A **sharp rise** in brute-force attempts against **SonicWall** and **Fortinet** edge devices is increasing risk of perimeter-device compromise across organizations that rely on VP...

Open Happening

2025 Rise in legitimate-access intrusions across enterprise sectors

Target Trend
First: 01.04.2026 17:05 Last: 01.04.2026 17:05 Sources 1

About this happening: **Legitimate access abuse** is now a leading intrusion pattern across **2025** investigations, increasing the risk of stealthy compromise across **manufacturing, healthcare, MSPs,...

Open Happening

SonicWall MySonicWall cloud backup breach exposing firewall backup files

Data Leak
First: 29.01.2026 19:57 Last: 29.01.2026 19:57 Sources 1

About this happening: **SonicWall** said a **state-sponsored threat actor** stole **firewall configuration backup files** from its **MySonicWall cloud backup service** in a **September** security breac...

Open Happening

FortiGate firewalls CVE-2020-12812 active exploitation wave

Exploitation Wave
First: 29.12.2025 13:16 Last: 29.12.2025 13:16 Sources 1

About this happening: **FortiGate firewalls** with **LDAP-enabled** authentication paths are facing an **active exploitation wave** tied to **CVE-2020-12812**, a **2FA-bypass** flaw in **FortiOS**. Att...

Open Happening

FortiOS SSL VPN CVE-2020-12812 mitigation advisory

Advisory/Mitigation
First: 25.12.2025 10:22 Last: 25.12.2025 10:22 Sources 1

About this happening: Fortinet issued a **December 24, 2025** mitigation advisory for **CVE-2020-12812**, warning that certain **FortiOS SSL VPN** configurations can let **admin or VPN users** authenti...

Open Happening

Timeline

  1. 21.05.2026 00:19 2 articles · 7d ago

    SonicWall Gen6 SSL-VPN MFA-bypass flaw (CVE-2024-12802)

    Initial Disclosure

    During **February and March**, attackers used valid credentials against **SonicWall Gen6 SSL-VPN appliances** to bypass **MFA** through **CVE-2024-12802**. The early intrusion phase enabled initial VPN access before defenders realized the systems were only partially remediated.

    Show sources
    Open in new tab