ctipilot.ch

SonicWall Gen6 SSL-VPN CVE-2024-12802 — Akira-linked actors brute-force MFA via UPN vs SAM account-name split Feb-Mar 2026; firmware update insufficient without 6-step LDAP reconfig; Gen6 EoL 2026-04-16

cve · item:sonicwall-gen6-sslvpn-cve-2024-12802-mfa-bypass-akira-feb-ma

Coverage timeline
1
first 2026-05-21 → last 2026-05-21
Briefs
1
1 distinct
Sources cited
6
5 hosts
Sections touched
1
active_threats
Co-occurring entities
0
no co-occurrence

Story timeline

  1. 2026-05-21CTI Daily Brief — 2026-05-21
    active_threatsFirst coverage. CVSS 9.1; Akira-consistent TTPs (lateral to DC within hours); firmware-update alone is INSUFFICIENT without manual 6-step LDAP reconfig per SonicWall KB kA1VN0000000RBd0AM; UPN login path bypasses MFA when reconfig incomplete; Gen6 EoL means no future patches.

Where this entity is cited

  • active_threats1

Source distribution

  • attack.mitre.org2 (33%)
  • bleepingcomputer.com1 (17%)
  • comparitech.com1 (17%)
  • cybermaxx.com1 (17%)
  • cybersecuritydive.com1 (17%)

External references

NVD · cve.org · CISA KEV

All cited sources (6)

Items in briefs about SonicWall Gen6 SSL-VPN CVE-2024-12802 — Akira-linked actors brute-force MFA via UPN vs SAM account-name split Feb-Mar 2026; firmware update insufficient without 6-step LDAP reconfig; Gen6 EoL 2026-04-16

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.