Fortinet has rolled out critical security updates to fix a newly discovered vulnerability in its FortiSwitch product line that could allow attackers to change admin passwords without authorization. Tracked as CVE-2024-48887, the flaw carries a CVSS severity score of 9.3 out of 10. Marking it as a high-risk threat for organizations relying on FortiSwitch for secure network management.
According to Fortinet, the issue stems from an unverified password change vulnerability in the FortiSwitch GUI interface. In practice, this means a remote attacker—without any authentication—could send a specially crafted request to modify administrator credentials. If left unpatched, this opens the door to potential takeover scenarios where unauthorized users could gain full control of the switch.
The vulnerability affects multiple firmware versions of FortiSwitch, including Versions:
- 7.6.0 (requires upgrade to 7.6.1 or later)
- 7.4.0 through 7.4.4 (update to 7.4.5 or above)
- 7.2.0 through 7.2.8 (patch to 7.2.9 or newer)
- 7.0.0 through 7.0.10 (fix with version 7.0.11 or higher)
- 6.4.0 through 6.4.14 (upgrade to 6.4.15 or above)
The flaw was discovered internally by Daniel Rozeboom, a member of Fortinet’s FortiSwitch web UI development team. Although Fortinet says there’s currently no evidence the vulnerability has been exploited in the wild. The company strongly urges all users to patch immediately. In recent years, several Fortinet product vulnerabilities have been targeted by attackers after becoming public.
To minimize exposure while applying updates, Fortinet recommends disabling HTTP/HTTPS access to the administrative interface and limiting system access to trusted IP addresses. These temporary workarounds can reduce risk but don’t replace the need for a permanent fix.
Given Fortinet’s track record of being targeted by advanced threat actors, including those linked to state-sponsored campaigns, it’s crucial for enterprises using FortiSwitch to act fast. Unpatched systems could serve as easy entry points for attackers seeking to hijack network infrastructure.
With no reports of active exploitation yet, this update offers a critical window to secure systems before malicious actors begin probing for vulnerable deployments. Updating FortiSwitch software now is the best step organizations can take to stay ahead of emerging threats.
