CVE-2024-12802: SonicWall SSL-VPN MFA Bypass Persists on Gen6
ID: 47b894d3-6b68-56a4-9259-587253937261
STIX ID: report--47b894d3-6b68-56a4-9259-587253937261
Feed Name: SOCRadar Blog
CVE-2024-12802 is a critical (CVSS 9.1) authentication/MFA bypass in SonicWall SSL-VPN for AD-integrated environments. Gen6 appliances can remain exploitable after firmware upgrades unless additional manual reconfiguration steps are applied. Researchers reported in-the-wild exploitation (Feb–Mar 2026) in which actors brute-forced VPN credentials and then bypassed MFA via alternate username formats. Defenders should apply SonicWall’s Gen6 remediation steps, hunt for VPN authentication IOCs such as sess="CLI", enforce strong password/lockout controls, and prioritize migrating EOL Gen6 hardware.
