An unverified password change vulnerability [CWE-620] has been disclosed in the FortiSwitch GUI.
According to the Fortinet advisory, it may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request.
Summary

| Field | Value |
| --- | --- |
| OEM | Fortinet |
| Severity | CRITICAL |
| CVSS Score | 9.8 |
| CVEs | CVE-2024-48887 |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview

Fortinet has disclosed a critical vulnerability in its FortiSwitch product line, tracked as CVE-2024-48887. The flaw allows unauthenticated remote attackers to change administrative passwords by sending specially crafted requests to the device's password management endpoint in the web GUI. With a CVSS score of 9.8 the vulnerability is classified as Critical, and it is reported as actively exploited in the wild.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| --- | --- | --- | --- | --- |
| Unverified password change (CWE-620) | CVE-2024-48887 | Fortinet FortiSwitch | CRITICAL | 9.8 |
Technical Summary

A critical vulnerability (CVE-2024-48887) has been identified in Fortinet FortiSwitch devices, affecting versions 6.4.0 through 7.6.0. The flaw resides in the web-based management interface: the password-change handler does not verify the identity of the requester before accepting a new password (CWE-620), so a remote, unauthenticated attacker can change an administrator password by sending a specially crafted HTTP request to the set_password endpoint. No credentials, session, or knowledge of the current password are required.
| CVE ID | System Affected | Vulnerability Details | Impact |
| --- | --- | --- | --- |
| CVE-2024-48887 | FortiSwitch 7.6, 7.4, 7.2, 7.0, 6.4 | Unverified password change (CWE-620) in the FortiSwitch web GUI: remote unauthenticated attackers can modify admin passwords through crafted requests to the set_password endpoint. | Unauthorised reset of administrator passwords, giving the attacker full administrative access to the switch. |
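The following is an added example, not FortiSwitch code or Fortinet's own implementation, showing the CWE-620 pattern described above in miniature: a password-change handler that honours any request naming a user and a new password, beside a hardened handler that ties the change to an authenticated session and knowledge of the current password. The `Device`, `Request`, `set_password_vulnerable` and `set_password_hardened` names are stand-ins invented for this illustration.

```python
"""CWE-620 in miniature: a password-change handler that accepts the request on its
face (vulnerable) beside one that ties the change to an authenticated session and
the current password (hardened). Added example; this is not FortiSwitch code and
the Device/Request classes are stand-ins for a real management GUI."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

PBKDF2_ROUNDS = 50_000  # kept low so the example runs quickly


def hash_password(password: str) -> bytes:
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


@dataclass
class Request:
    form: Dict[str, str]
    cookies: Dict[str, str] = field(default_factory=dict)


class Device:
    """Stand-in for the switch: a user table and a session table."""

    def __init__(self, admin_password: str) -> None:
        self.users: Dict[str, bytes] = {"admin": hash_password(admin_password)}
        self.sessions: Dict[str, str] = {}  # session id -> username

    def login(self, username: str, password: str) -> Optional[str]:
        stored = self.users.get(username)
        if stored is None or not verify_password(password, stored):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        return sid

    def set_password_vulnerable(self, req: Request) -> Tuple[int, str]:
        """CWE-620: whoever can reach the endpoint can set any user's password.
        Nothing here checks who is asking or whether they know the old one."""
        user = req.form.get("username")
        new = req.form.get("new_password")
        if user not in self.users or not new:
            return 400, "bad request"
        self.users[user] = hash_password(new)
        return 200, "password changed"

    def set_password_hardened(self, req: Request) -> Tuple[int, str]:
        """Same endpoint with the checks CWE-620 says are missing."""
        actor = self.sessions.get(req.cookies.get("session", ""))
        if actor is None:
            return 401, "authentication required"
        user = req.form.get("username")
        if user != actor:
            return 403, "may only change own password"
        if not verify_password(req.form.get("old_password", ""), self.users[user]):
            return 403, "current password incorrect"
        new = req.form.get("new_password", "")
        if len(new) < 12:
            return 400, "new password too short"
        self.users[user] = hash_password(new)
        # Drop every other session for this user so a stolen cookie dies with the change.
        sid = req.cookies["session"]
        self.sessions = {s: u for s, u in self.sessions.items() if u != user or s == sid}
        return 200, "password changed"


def demo() -> Dict[str, object]:
    """Replay one unauthenticated request against both handlers, then a legitimate one."""
    unauth = Request(form={"username": "admin", "new_password": "attacker-chosen-pw"})
    vuln, hard = Device("original-admin-pw"), Device("original-admin-pw")
    status_vuln, _ = vuln.set_password_vulnerable(unauth)
    status_hard, _ = hard.set_password_hardened(unauth)
    sid = hard.login("admin", "original-admin-pw")
    legit = Request(
        form={"username": "admin", "old_password": "original-admin-pw",
              "new_password": "rotated-admin-pw-2025"},
        cookies={"session": sid or ""},
    )
    status_legit, _ = hard.set_password_hardened(legit)
    return {
        "unauth_vs_vulnerable": status_vuln,
        "unauth_vs_hardened": status_hard,
        "legit_vs_hardened": status_legit,
        "attacker_pw_logs_in_on_vulnerable": vuln.login("admin", "attacker-chosen-pw") is not None,
        "attacker_pw_logs_in_on_hardened": hard.login("admin", "attacker-chosen-pw") is not None,
        "rotated_pw_logs_in_on_hardened": hard.login("admin", "rotated-admin-pw-2025") is not None,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of the hardened handler is not any single check but that the three questions CWE-620 is about (who is asking, are they allowed to change this account, do they know the current secret) are each answered before the write. Invalidating the other sessions after a successful change is a cheap extra that limits what an attacker keeps if they had already obtained a cookie.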
Remediation:

Upgrade affected FortiSwitch devices to a release that contains the fix for CVE-2024-48887. The Fortinet advisory lists the fixed release for each branch (7.6.1, 7.4.5, 7.2.9, 7.0.11 and 6.4.15 or later, respectively); confirm the exact version against the advisory before scheduling the upgrade. Where an immediate upgrade is not possible, the advisory's workaround is to disable HTTP/HTTPS access from administrative interfaces and to configure trusted hosts for every administrator account so that the GUI is only reachable from known management addresses.

General Recommendations

- Patch all affected branches; devices on 6.4 through 7.6 that have not been upgraded remain exposed.
- Restrict administrative GUI access to dedicated management networks and trusted hosts, and do not expose the switch management interface to untrusted networks or the internet.
- Rotate administrator credentials on any device that was reachable while unpatched, and review the admin accounts configured on it.
- Monitor device event logs for administrator password changes that are not matched by a legitimate administrator login, and for requests to the set_password endpoint from unexpected sources.
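To turn the remediation guidance into a fleet check, the following added example (not Fortinet tooling) classifies FortiSwitch version strings by branch and reports which devices still need the upgrade. The per-branch fixed releases in `FIXED_IN` are my reading of the Fortinet advisory for this CVE and are an assumption to confirm against the advisory before acting on the output; the `triage` and `triage_fleet` functions and the sample inventory are constructed for the illustration.

```python
"""Triage a list of FortiSwitch version strings against the CVE-2024-48887 affected
branches. Added example, not Fortinet tooling. The per-branch fixed releases are my
reading of Fortinet's advisory for this CVE; treat them as an assumption and confirm
against the advisory before acting on the output."""
import re
from typing import Dict, Optional, Tuple

# branch -> first release containing the fix (assumption: verify against the advisory)
FIXED_IN: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (7, 6): (7, 6, 1),
    (7, 4): (7, 4, 5),
    (7, 2): (7, 2, 9),
    (7, 0): (7, 0, 11),
    (6, 4): (6, 4, 15),
}

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Accepts '7.4.3', 'v7.4.3' or 'FortiSwitch v7.4.3 build0571'; None if unparseable."""
    m = VERSION_RE.search(text)
    return (int(m[1]), int(m[2]), int(m[3])) if m else None


def triage(version_text: str) -> Tuple[str, Optional[str]]:
    """Returns (state, advice). state is one of 'affected', 'fixed',
    'not_listed' (branch absent from the advisory table) or 'unparseable'."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable", None
    fixed = FIXED_IN.get(v[:2])
    if fixed is None:
        return "not_listed", None
    if v < fixed:
        return "affected", "upgrade to %d.%d.%d or later" % fixed
    return "fixed", None


def triage_fleet(inventory: Dict[str, str]) -> Dict[str, Tuple[str, Optional[str]]]:
    """hostname -> version string in, hostname -> triage result out."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # constructed inventory, not real devices
    fleet = {
        "sw-core-1": "FortiSwitch v7.4.3 build0571",
        "sw-edge-2": "7.6.1",
        "sw-lab": "6.2.7",
        "sw-old": "6.4.14",
    }
    for host, (state, advice) in triage_fleet(fleet).items():
        print(f"{host}: {state}" + (f" ({advice})" if advice else ""))
```

A branch that is absent from the table is reported as `not_listed` rather than `fixed`: the advisory only speaks for the branches it names, and an end-of-life branch outside it should be treated as unassessed, not as safe.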
Conclusion:
CVE-2024-48887 poses a serious risk to organizations running affected FortiSwitch devices. Its ease of exploitation and the absence of any authentication requirement make it particularly dangerous: a single crafted request to a reachable management interface is enough to take over an administrator account.
Organizations should act immediately by applying the relevant security patches, limiting administrative access to trusted management hosts, and monitoring for unexpected administrator password changes and other unusual activity.
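As an added example of the monitoring recommended above (not Fortinet code or a Fortinet log format), the script below parses constructed key=value event lines and flags any administrator password change that either comes from outside the management allowlist or is not preceded by a successful login from the same source within a time window. The field names (`action`, `user`, `src`, `status`), the management network in `MGMT_NETS` and the sample lines are all assumptions constructed for the illustration; map them to the fields your devices actually emit.

```python
"""Hunt for administrator password changes that no authenticated login explains.
Added example; the log lines below are constructed in a generic key=value style and
are NOT real FortiSwitch output (field names are an assumption: map them to the
event log fields your devices actually emit)."""
import ipaddress
import re
from datetime import datetime, timedelta
from typing import Any, Dict, List, Optional, Tuple

# Assumption: the only networks from which the GUI should ever be reached.
MGMT_NETS = [ipaddress.ip_network("10.10.0.0/24")]
LOGIN_WINDOW = timedelta(minutes=30)

# Constructed sample: the third line is a change with no login before it, from outside.
SAMPLE_LOG = """\
2025-04-08T09:00:01Z action=login user=admin src=10.10.0.5 status=success
2025-04-08T09:02:10Z action=password_change user=admin src=10.10.0.5 status=success
2025-04-08T13:41:55Z action=password_change user=admin src=203.0.113.77 status=success
2025-04-08T13:42:30Z action=login user=admin src=203.0.113.77 status=success
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.+)$")


def parse_line(line: str) -> Optional[Dict[str, Any]]:
    """One 'timestamp key=value ...' line -> dict with a datetime under 'ts'."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields: Dict[str, Any] = {}
    for token in m.group("kv").split():
        if "=" in token:
            k, v = token.split("=", 1)
            fields[k] = v
    try:
        fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return fields


def find_suspicious(log_text: str) -> List[Tuple[str, str, str, List[str]]]:
    """Flag password_change events from outside MGMT_NETS or with no successful
    login by the same user from the same source within LOGIN_WINDOW before it.
    Returns (timestamp, user, source, reasons) per finding."""
    events = [e for e in (parse_line(ln) for ln in log_text.splitlines()) if e]
    logins = [e for e in events if e.get("action") == "login" and e.get("status") == "success"]
    findings: List[Tuple[str, str, str, List[str]]] = []
    for e in events:
        if e.get("action") != "password_change":
            continue
        src = ipaddress.ip_address(e["src"])
        reasons: List[str] = []
        if not any(src in net for net in MGMT_NETS):
            reasons.append("source outside management allowlist")
        preceded = any(
            lg["user"] == e["user"] and lg["src"] == e["src"]
            and e["ts"] - LOGIN_WINDOW <= lg["ts"] <= e["ts"]
            for lg in logins
        )
        if not preceded:
            reasons.append("no successful login from this source in the prior window")
        if reasons:
            findings.append((e["ts"].isoformat(), e["user"], e["src"], reasons))
    return findings


if __name__ == "__main__":
    for ts, user, src, reasons in find_suspicious(SAMPLE_LOG):
        print(f"{ts} user={user} src={src}: {'; '.join(reasons)}")
```

The second rule is the one that matters for an unverified-password-change bug: a change that appears with no login before it is exactly what this class of flaw produces, whatever the source address. The login that follows the change in the sample is the attacker using the new password, and it is deliberately not counted as an explanation.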
References:

- Fortinet PSIRT advisory for CVE-2024-48887 (FortiSwitch GUI unverified password change): https://fortiguard.fortinet.com/psirt/FG-IR-24-435