top of page
ALL POSTS
Attackers Bypass MFA on SonicWall VPNs Due to Flawed Prior Patch
Key Findings SonicWall Gen6 SSL-VPN devices remain vulnerable to MFA bypass despite firmware patches because administrators are missing six required manual remediation steps CVE-2024-12802 exploitation observed in-the-wild between February and March 2026, leading to ransomware-related intrusions across multiple organizations Attackers successfully brute-forced VPN credentials and bypassed MFA, reaching internal file servers in some cases within 30 minutes Gen6 devices reached
May 222 min read
SonicWall Addresses Vulnerability in SMA 100 Appliances
Key Findings SonicWall has released fixes to address a security flaw, CVE-2025-40602, in its Secure Mobile Access (SMA) 100 series appliances. The vulnerability, with a CVSS score of 6.6, allows for local privilege escalation due to insufficient authorization in the appliance management console (AMC). The vulnerability was reported to be exploited in combination with CVE-2025-23006 (CVSS 9.8) to achieve unauthenticated remote code execution with root privileges. CVE-2025-2300
Dec 17, 20251 min read
bottom of page
