Fortinet Advises Upgrades to Fix Critical FortiSwitch Admin Password Vulnerability

Fortinet is urging all users to upgrade their FortiSwitch devices to mitigate a critical security vulnerability identified as CVE-2024-48887, with a CVSS score of 9.3. This vulnerability could enable unauthorized password changes via a specially crafted HTTP request, allowing attackers to take over administrative access.

Affected versions and updates

The vulnerability impacts the following FortiSwitch versions:

  • FortiSwitch 7.6.0 → Update to 7.6.1 or later
  • FortiSwitch 7.4.0–7.4.4 → Update to 7.4.5 or later
  • FortiSwitch 7.2.0–7.2.8 → Update to 7.2.9 or later
  • FortiSwitch 7.0.0–7.0.10 → Update to 7.0.11 or later
  • FortiSwitch 6.4.0–6.4.14 → Update to 6.4.15 or later

This flaw, discovered internally by Daniel Rozeboom of the FortiSwitch Web UI team, stems from insufficient input validation in the system's GUI (graphical user interface).

Although there is no evidence yet of this vulnerability being exploited in the wild, Fortinet products have historically been targeted by threat actors, so this patch should be treated as a priority.

Mitigation measures until update

Fortinet urges users to patch their systems immediately. For those unable to update right away, temporary mitigations include disabling HTTP/HTTPS administrative access on the management interfaces and restricting administrative logins to trusted hosts through the CLI configuration.
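One way to check an exported FortiSwitch configuration against both interim mitigations, as an added example that is not Fortinet's or N-able's code: it flags interfaces whose `allowaccess` list still includes `http` or `https`, and administrator accounts without any `trusthost` entry. The configuration text is constructed for the example, and the keywords `set allowaccess` and `set trusthost1` are assumed to follow FortiOS-family CLI syntax; confirm them against the CLI reference for your FortiSwitchOS release before relying on the check.

```python
"""Check a FortiSwitch configuration export for the two interim mitigations
Fortinet describes for CVE-2024-48887: no HTTP/HTTPS on administrative
interfaces, and trusted-host restrictions on administrator accounts.

The config text below is constructed for this example. The keywords
`set allowaccess` and `set trusthost1` are assumed to follow FortiOS-family
CLI syntax; verify them against your FortiSwitchOS CLI reference."""

# Constructed sample export: "mgmt" still allows web admin access and the
# built-in "admin" account has no trusted-host restriction.
SAMPLE_CONFIG = """\
config system interface
    edit "mgmt"
        set ip 192.0.2.10 255.255.255.0
        set allowaccess ping https ssh http
    next
    edit "internal"
        set ip 198.51.100.1 255.255.255.0
        set allowaccess ping ssh
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "netops"
        set accprofile "super_admin"
        set trusthost1 192.0.2.0 255.255.255.0
    next
end
"""

WEB_ADMIN_PROTOCOLS = {"http", "https"}


def parse_config(text):
    """Parse the config/edit/set/next/end structure into nested dicts:
    {section: {entry: {key: value}}}."""
    sections = {}
    section = entry = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            section = line[len("config "):]
            sections[section] = {}
        elif line.startswith("edit ") and section is not None:
            entry = line[len("edit "):].strip('"')
            sections[section][entry] = {}
        elif line.startswith("set ") and entry is not None:
            key, _, value = line[len("set "):].partition(" ")
            sections[section][entry][key] = value
        elif line == "next":
            entry = None
        elif line == "end":
            section = None
    return sections


def audit(text):
    """Return one finding per interface or account that still lacks a mitigation."""
    cfg = parse_config(text)
    findings = []
    for name, settings in cfg.get("system interface", {}).items():
        exposed = sorted(set(settings.get("allowaccess", "").split()) & WEB_ADMIN_PROTOCOLS)
        if exposed:
            findings.append(f"interface {name}: web admin access enabled ({', '.join(exposed)})")
    for name, settings in cfg.get("system admin", {}).items():
        if not any(key.startswith("trusthost") for key in settings):
            findings.append(f"admin {name}: no trusted-host restriction")
    return findings


def hardened_allowaccess(current):
    """Return the allowaccess value with http and https removed, i.e. what an
    administrative interface's `set allowaccess ...` line should contain."""
    return " ".join(p for p in current.split() if p not in WEB_ADMIN_PROTOCOLS)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
    print("mgmt allowaccess after hardening:", hardened_allowaccess("ping https ssh http"))
```

Running it against the constructed export reports the `mgmt` interface and the `admin` account; once `http`/`https` are dropped from `allowaccess` and a trusted host is set on every administrator, the audit returns no findings.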

Additionally, it is recommended to follow these best practices:

  • Monitor system logs for suspicious activities and unauthorized password changes.
  • Enable multi-factor authentication (MFA) wherever possible.
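The log review the first bullet asks for, as an added example that is not part of the original post: it parses Fortinet-style key=value event lines, picks out administrator password changes, and flags those made through the web GUI or from outside the trusted admin network. The log lines and the field names (`cfgpath`, `cfgobj`, `cfgattr`, `ui`) are constructed for the example, loosely modelled on Fortinet's event-log style, and the trusted network is an assumption; map both to what your FortiSwitch devices actually emit.

```python
"""Review FortiSwitch-style event logs for administrator password changes and
flag the ones a defender should look at first: changes made through the web
GUI (the surface affected by CVE-2024-48887) or from outside the trusted
admin network.

Log lines and field names below are constructed for this example, loosely
modelled on Fortinet's key=value event-log style; the trusted network is an
assumption. Map both to what your devices actually emit."""
import ipaddress
import re

# Assumed: administrators are only expected to connect from this network.
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample: a routine password change over SSH from a trusted host,
# then a password change of the built-in admin account made through the GUI
# from an unknown address, followed by a login with the new credential.
SAMPLE_LOGS = """\
date=2025-04-08 time=09:14:03 type=event subtype=system level=information user="netops" ui="ssh(192.0.2.25)" action="login" status=success msg="Administrator netops logged in successfully from ssh(192.0.2.25)"
date=2025-04-08 time=09:15:41 type=event subtype=system level=notice user="netops" ui="ssh(192.0.2.25)" action="edit" cfgpath="system.admin" cfgobj="netops" cfgattr="password[*]" msg="Edit system.admin netops"
date=2025-04-08 time=23:02:17 type=event subtype=system level=notice user="admin" ui="GUI(203.0.113.77)" action="edit" cfgpath="system.admin" cfgobj="admin" cfgattr="password[*]" msg="Edit system.admin admin"
date=2025-04-08 time=23:02:18 type=event subtype=system level=information user="admin" ui="GUI(203.0.113.77)" action="login" status=success msg="Administrator admin logged in successfully from GUI(203.0.113.77)"
"""

# key=value or key="value with spaces"
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# the ui field looks like channel(address), e.g. ssh(192.0.2.25) or GUI(203.0.113.77)
UI_RE = re.compile(r"^(\w+)\((\d{1,3}(?:\.\d{1,3}){3})\)$")


def parse_line(line):
    """Split one key=value log line into a dict (quoted values unquoted)."""
    return {key: quoted or bare for key, quoted, bare in KV_RE.findall(line)}


def is_password_change(event):
    """True for config edits that touch the password of a system.admin entry."""
    return (event.get("action") == "edit"
            and event.get("cfgpath") == "system.admin"
            and "password" in event.get("cfgattr", ""))


def source_of(event):
    """Return (channel, ip_address) parsed from the ui field, or (None, None)."""
    match = UI_RE.match(event.get("ui", ""))
    if not match:
        return None, None
    return match.group(1), ipaddress.ip_address(match.group(2))


def review_password_changes(log_text):
    """Return one record per admin password change; 'suspicious' is set when
    the change came through the GUI or from outside the trusted networks."""
    records = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if not is_password_change(event):
            continue
        channel, src = source_of(event)
        reasons = []
        if channel == "GUI":
            reasons.append("changed via web GUI")
        if src is None or not any(src in net for net in TRUSTED_ADMIN_NETS):
            reasons.append(f"source {src} outside trusted admin networks")
        records.append({
            "time": f'{event.get("date")} {event.get("time")}',
            "account": event.get("cfgobj"),
            "actor": event.get("user"),
            "source": str(src),
            "suspicious": bool(reasons),
            "reasons": reasons,
        })
    return records


if __name__ == "__main__":
    for rec in review_password_changes(SAMPLE_LOGS):
        flag = "ALERT" if rec["suspicious"] else "info "
        print(flag, rec["time"], rec["account"], rec["source"], "; ".join(rec["reasons"]))
```

Every password change is recorded, not only the suspicious ones, because the point of the review is to confirm each change against a known administrative action; the GUI-sourced change of the built-in `admin` account from an untrusted address is the one that gets the alert.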

Fast action required

The severity of this vulnerability cannot be overstated. Applying the patch promptly will not only secure your network but also prevent potential exploitation. For more details, refer to the Fortinet PSIRT advisory.

Stay proactive and ensure your environment is up to date to safeguard your systems from future risks.

Joe Kern is Director Product Marketing at N‑able

© N‑able Solutions ULC and N‑able Technologies Ltd. All rights reserved.

This document is provided for informational purposes only and does not constitute legal advice. N‑able makes no warranty, express or implied, and accepts no liability or responsibility for the accuracy, completeness or usefulness of the information contained in this document.

N-ABLE, N-CENTRAL and other N‑able trademarks and logos are the exclusive property of N‑able Solutions ULC and N‑able Technologies Ltd. They are legally protected trademarks and may be registered or pending registration with the U.S. Patent and Trademark Office and in other countries. All other trademarks mentioned herein are used for informational purposes only and are trademarks (or registered trademarks) of their respective companies.