DIESECSonicWall Gen6: patched. MFA bypass still works. Ransomware deployed.
Firmware fix closes one path. 6 manual LDAP steps close the real bypass — most teams never apply them.
Patched ≠ protected. CVE-2024-12802
Global Feed⚠️ SonicWall VPN MFA bypass alert
- A flaw in SonicWall’s VPN multi‑factor auth can be sidestepped if the latest patch isn’t applied.
- Attackers are exploiting the unpatched versions to slip into corporate networks.
- If you still run a vulnerable build, update now and audit your VPN logs for any suspicious logins.
(in)sicurezza digitale“Patchato” non significa protetto: attaccanti bypassano l’MFA sui VPN SonicWall Gen6 e raggiungono i file server in 30 minuti
CVE-2024-12802 sulle appliance SonicWall Gen6 SSL-VPN viene sfruttata attivamente nonostante la patch disponibile. Il motivo: il fix firmware non basta — richiede sei passaggi manuali aggiuntivi che la maggior parte degli amministratori non esegue. Il risultato: attori del ransomware ecosystem bypassano l'MFA, entrano nelle reti e raggiungono i file server in meno di trenta minuti.
The New OilHackers bypass #SonicWall #VPN #MFA due to incomplete patching
GreyNoiseA scanning pattern similar to the one preceding CVE-2026-0400 in February is active again. May 12 saw the largest single-day session volume on this SonicWall tag in 90 days.
🔗 https://www.greynoise.io/blog/sonicwall-scanning-spike-echoes-pattern-preceded-cve-2026-0400
securityaffairsAttackers are bypassing MFA on #SonicWall VPNs because something was wrong with previous fix
https://securityaffairs.com/192477/hacking/attackers-are-bypassing-mfa-on-sonicwall-vpns-because-something-was-wrong-with-previous-fix.html
#securityaffairs #hacking
https://securityaffairs.com/192477/hacking/attackers-are-bypassing-mfa-on-sonicwall-vpns-because-something-was-wrong-with-previous-fix.html
#securityaffairs #hacking
Analyst207Hackers Exploit SonicWall VPN Flaw to Bypass MFA
In a shocking exploit, hackers have successfully bypassed multi-factor authentication on SonicWall VPN devices, breaching security in as little as 30 minutes. ReliaQuest researchers detected the first in-the-wild exploitation of CVE-2024-12802, warning of a swift and stealthy threat.
#Sonicwall #VpnExploit #MfaBypass #Cve202412802 #EmergingThreats
#SonicWall patches three #SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now
https://securityaffairs.com/191527/security/sonicwall-patches-three-sonicos-flaws-in-gen-6-7-and-8-firewalls-patch-them-now.html
#securityaffairs #hacking
https://securityaffairs.com/191527/security/sonicwall-patches-three-sonicos-flaws-in-gen-6-7-and-8-firewalls-patch-them-now.html
#securityaffairs #hacking
AllAboutSecuritySonicWall SonicOS: Drei Sicherheitslücken erlauben Zugriffskontroll-Umgehung und Denial-of-Service
Die Lücken betreffen zentrale Schutzmechanismen von Firewall-Systemen und erlauben es Angreifern unter bestimmten Voraussetzungen, Zugriffskontrollen zu umgehen, eingeschränkte Dienste anzusprechen oder Geräte durch einen erzwungenen Absturz außer Betrieb zu setzen.
SonicWall SonicOS: Drei Sicherheitslücken erlauben Zugriffskontroll-Umgehung und Denial-of-Service
SonicWall meldet drei SonicOS-Schwachstellen (SNWLID-2026-0004): Zugriffsumgehung, Path Traversal und DoS. Workaround verfügbar, Patches nötig.
Massenangriff auf SonicWall-Firewalls: 4.300 IP-Adressen scannen gezielt VPN-Infrastrukturen
Zwischen dem 22. und 25. Februar 2026 registrierten Analysten von GreyNoise mehr als 84.000 Scan-Sitzungen gegen SonicWall-Firewalls – verteilt auf vier koordinierte Angriffswellen. Die Kampagne folgt einem bekannten Muster: Vor eigentlichen Einbruchsversuchen kartieren Angreifer systematisch exponierte VPN-Zugangspunkte.
Massenangriff auf SonicWall-Firewalls: 4.300 IP-Adressen scannen gezielt VPN-Infrastrukturen
Sicherheitsforscher dokumentieren koordinierte Aufklärungskampagne gegen SonicWall-VPNs – mit Ransomware-Gruppen wie Akira im Hintergrund.