A recent report reveals that attackers are bypassing Multi-Factor Authentication (MFA) on SonicWall Gen6 VPNs because of an incomplete fix for CVE-2024-12802. Firmware updates are available, but proper remediation also requires six critical manual steps that are often overlooked. Attackers have successfully exploited this flaw, reducing authentication to a single factor and allowing rapid intrusions into networks.
Observations indicate that attackers could access internal file servers within thirty minutes of initial VPN access. The vulnerability lies in the handling of different Active Directory login formats, leading to ineffective MFA enforcement. Organizations using Gen6 devices, now past end-of-life and without future updates, are strongly advised to ensure complete remediation or consider migrating to supported hardware.
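A log-audit sketch for the login-format issue described above, added here as an example and not taken from the report or from SonicWall: it folds the common Active Directory login spellings into one account key and flags successful VPN logins that carried no MFA step. The event fields, the domain mapping and the sample records are constructed assumptions, not a SonicWall log schema.

```python
from collections import defaultdict

# Assumed site data: DNS suffix -> NetBIOS domain, and the domain for bare names.
DOMAIN_ALIASES = {"corp.example": "CORP"}
DEFAULT_DOMAIN = "CORP"

# Constructed successful-login events; field names are hypothetical.
EVENTS = [
    {"ts": "2025-01-10T09:00:02Z", "login": "CORP\\alice", "mfa": True, "src": "198.51.100.7"},
    {"ts": "2025-01-10T09:12:40Z", "login": "alice@corp.example", "mfa": False, "src": "203.0.113.9"},
    {"ts": "2025-01-10T10:01:00Z", "login": "bob@corp.example", "mfa": True, "src": "198.51.100.8"},
    {"ts": "2025-01-10T10:30:00Z", "login": "CORP\\Bob", "mfa": True, "src": "198.51.100.8"},
    {"ts": "2025-01-10T11:05:00Z", "login": "carol", "mfa": False, "src": "198.51.100.9"},
]

def canonical(login):
    """Map DOMAIN\\user, user@domain or a bare name to (DOMAIN, user, format).

    Assumes the user@domain prefix equals the account name; in a real
    directory, resolve every format to the account's SID instead.
    """
    login = login.strip()
    if "\\" in login:
        dom, user = login.split("\\", 1)
        fmt = "down-level"
    elif "@" in login:
        user, dom = login.rsplit("@", 1)
        dom = DOMAIN_ALIASES.get(dom.lower(), dom)
        fmt = "upn"
    else:
        dom, user, fmt = DEFAULT_DOMAIN, login, "bare"
    return dom.upper(), user.lower(), fmt

def find_mfa_gaps(events):
    """Return successful logins without MFA, grouped by canonical account."""
    by_account = defaultdict(list)
    for e in events:
        dom, user, fmt = canonical(e["login"])
        by_account[(dom, user)].append((fmt, e))
    findings = []
    for account, items in sorted(by_account.items()):
        mfa_formats = {fmt for fmt, e in items if e["mfa"]}
        for fmt, e in items:
            if not e["mfa"]:
                findings.append({
                    "account": "\\".join(account), "ts": e["ts"],
                    "src": e["src"], "format": fmt,
                    # True when MFA was enforced for this account in another format.
                    "format_split": bool(mfa_formats - {fmt}),
                })
    return findings
```

A finding with `format_split` set means the same account passed MFA under one login format and skipped it under another, which is the pattern to review first on a device that has had the firmware update but not the manual steps.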