Threat actors are exploiting a vulnerability in SonicWall Gen6 SSL-VPN appliances, allowing them to bypass multi-factor authentication (MFA) and deploy tools for ransomware attacks. The attackers are using brute-force methods to gain access to VPN credentials, and then exploiting CVE-2024-12802 to circumvent MFA protections, according to ReliaQuest. This vulnerability has been observed in multiple environments, as reported by Bleeping Computer.The vulnerability, CVE-2024-12802, allows threat actors to bypass MFA on SonicWall Gen6 SSL-VPN appliances by using a specific user principal name (UPN) login format. Attackers can gain access to internal networks within 30 to 60 minutes, conduct reconnaissance, and attempt to deploy tools like Cobalt Strike. While firmware updates mitigate the risk on newer Gen7 and Gen8 devices, Gen6 devices require manual reconfiguration of the LDAP server to fully address the vulnerability.ReliaQuest researchers believe the attackers are acting as initial access brokers, selling access to other threat groups. The Gen6 appliances reached end-of-life on April 16, 2024, making migration to supported versions a critical step for organizations.Source: Bleeping Computer
Vulnerability Management
Attackers exploit SonicWall VPN vulnerability to bypass MFA

(Credit: monticellllo – stock.adobe.com)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



