
Pierluigi Paganini @ Security Affairs
Fortinet has issued a critical security advisory for CVE-2024-48887, a vulnerability affecting its FortiSwitch product line. The flaw, which scores 9.3 on the CVSS scale, resides in the FortiSwitch GUI and is an unverified password change vulnerability: a remote, unauthenticated attacker can send a specially crafted request that changes administrator passwords without proper authorization. This could lead to complete compromise of the switch and unauthorized access to sensitive network resources.

Fortinet has identified several affected FortiSwitch versions and strongly urges users to upgrade to the fixed versions immediately. The affected versions include FortiSwitch 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.10, and 6.4.0 through 6.4.14. Corresponding upgrade paths are available for each version, with specific target versions provided to remediate the vulnerability. The company credited Daniel Rozeboom of the FortiSwitch web UI development team for discovering and reporting the security flaw.
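The affected ranges above are the input a defender actually needs when triaging a switch inventory. The following script is an added example (not Fortinet's code and not part of the original article): it encodes the affected ranges exactly as listed, parses dotted version strings, and classifies a constructed `hostname,version` inventory as affected, not affected, or unknown. Anything that does not parse is reported as unknown rather than silently treated as safe, and branches not named in the advisory are treated as not affected, so the result is only as complete as the advisory's list.

```python
"""Check FortiSwitch firmware versions against the affected ranges listed
in Fortinet's advisory for CVE-2024-48887 (unverified password change).

Assumptions (added example, not vendor code): versions are plain dotted
strings such as "7.4.3" (an optional leading "v" is tolerated); the
affected ranges are taken from the article text; the inventory lines
below are constructed sample data, not real devices.
"""
import re
from typing import Optional, Tuple

# (major, minor) branch -> (first affected patch, last affected patch), inclusive.
# Source: affected versions as listed in the advisory summary above.
AFFECTED_RANGES = {
    (7, 6): (0, 0),    # 7.6.0 only
    (7, 4): (0, 4),    # 7.4.0 through 7.4.4
    (7, 2): (0, 8),    # 7.2.0 through 7.2.8
    (7, 0): (0, 10),   # 7.0.0 through 7.0.10
    (6, 4): (0, 14),   # 6.4.0 through 6.4.14
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) or None if the string is not a version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> Optional[bool]:
    """True if the version falls in an affected range, False if it does not,
    None if the string could not be parsed (treat as 'unknown, verify by hand')."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    major, minor, patch = parsed
    rng = AFFECTED_RANGES.get((major, minor))
    if rng is None:
        return False  # branch not listed in the advisory
    lo, hi = rng
    return lo <= patch <= hi


def triage_inventory(lines):
    """Classify 'hostname,version' inventory lines. Returns a dict with lists
    of hostnames under 'affected', 'not_affected' and 'unknown'."""
    result = {"affected": [], "not_affected": [], "unknown": []}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        host, _, ver = line.partition(",")
        verdict = is_affected(ver)
        if verdict is None:
            result["unknown"].append(host)
        elif verdict:
            result["affected"].append(host)
        else:
            result["not_affected"].append(host)
    return result


# Constructed sample inventory (hypothetical hostnames, not real devices).
SAMPLE_INVENTORY = """
# hostname,firmware
sw-core-01,7.4.3
sw-edge-02,7.2.9
sw-edge-03,v6.4.14
sw-lab-04,7.6.0
sw-lab-05,7.6.1
sw-old-06,6.2.7
sw-bad-07,unknown
""".strip().splitlines()

if __name__ == "__main__":
    report = triage_inventory(SAMPLE_INVENTORY)
    for bucket, hosts in report.items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the `affected` bucket should be scheduled for the fixed release of their branch as published in the advisory; hosts in `unknown` need their firmware version confirmed from the device itself before they are written off.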

As immediate mitigation steps, Fortinet recommends disabling HTTP/HTTPS access from administrative interfaces and configuring trusted hosts to restrict network access to only authorized systems. These workarounds can help minimize the attack surface while users schedule and implement the necessary upgrades. While there is currently no evidence of active exploitation, given the severity and ease of exploitation, Fortinet emphasizes the importance of applying the patches as quickly as possible to prevent potential attacks.
Classification:
  • HashTags: #Fortinet #Vulnerability #FortiSwitch
  • Company: Fortinet
  • Target: Network Administrators
  • Product: FortiSwitch
  • Feature: Password Change
  • Malware: CVE-2024-48887
  • Type: Vulnerability
  • Severity: Critical