April 9, 2025 By Sergiu Gatlan
Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely.
The company says Daniel Rozeboom of the FortiSwitch web UI development team discovered the vulnerability (CVE-2024-48887) internally.
Unauthenticated attackers can exploit this unverified password change flaw in the FortiSwitch GUI (rated 9.8/10 in severity) in low-complexity attacks that require no user interaction.
Fortinet says threat actors can change credentials using a specially crafted request sent via the set_password endpoint.
"An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request," Fortinet says.
CVE-2024-48887 impacts multiple FortiSwitch versions, from FortiSwitch 6.4.0 through FortiSwitch 7.6.0, and was addressed in FortiSwitch versions 6.4.15, 7.0.11, 7.2.9, 7.4.5, and 7.6.1.
| Version | Affected | Patch |
|---|---|---|
| FortiSwitch 7.6 | 7.6.0 | Upgrade to 7.6.1 or above |
| FortiSwitch 7.4 | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiSwitch 7.2 | 7.2.0 through 7.2.8 | Upgrade to 7.2.9 or above |
| FortiSwitch 7.0 | 7.0.0 through 7.0.10 | Upgrade to 7.0.11 or above |
| FortiSwitch 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
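As an added example (not from the article or from Fortinet), the following Python script applies the advisory's version table to a fleet inventory so an administrator can see which switches still need the fix; the hostnames and version strings in the sample inventory are constructed.

```python
from typing import NamedTuple, Optional

# First fixed build per branch, from the advisory table; every earlier build on that branch is affected.
FIXED_BY_BRANCH = {
    (6, 4): (6, 4, 15),
    (7, 0): (7, 0, 11),
    (7, 2): (7, 2, 9),
    (7, 4): (7, 4, 5),
    (7, 6): (7, 6, 1),
}

class Triage(NamedTuple):
    version: str
    affected: Optional[bool]  # None: branch not in the table, or version unparsable
    action: str

def parse_version(text):
    """Accept '7.4.3', 'v7.4.3' or 'FortiSwitch 7.4.3'; raise ValueError otherwise."""
    cleaned = text.strip().lower()
    if cleaned.startswith("fortiswitch"):
        cleaned = cleaned[len("fortiswitch"):].strip()
    parts = cleaned.lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiSwitch version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(text):
    """Decide whether one version is affected and which build closes the issue."""
    version = parse_version(text)
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is None:
        return Triage(text, None, "branch not in advisory table; confirm with vendor")
    if version < fixed:
        return Triage(text, True, "upgrade to %d.%d.%d or above" % fixed)
    return Triage(text, False, "already at or above the fixed build")

def triage_inventory(lines):
    """Run triage over 'hostname,version' lines; bad versions are reported, not skipped."""
    results = []
    for line in lines:
        host, _, ver = line.partition(",")
        try:
            results.append((host.strip(), triage(ver.strip())))
        except ValueError as exc:
            results.append((host.strip(), Triage(ver.strip(), None, str(exc))))
    return results

# Constructed sample inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY = ["sw-core-01,7.4.3", "sw-edge-02,7.6.1", "sw-lab-03,7.4"]
```

Call `triage_inventory(SAMPLE_INVENTORY)` (or feed it lines exported from your own asset inventory) and act on every entry whose `affected` is `True` or `None`.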