Article Details
Scrape Timestamp (UTC): 2025-04-09 16:09:43.337
Original Article Text
Click to Toggle View
Critical FortiSwitch flaw lets hackers change admin passwords remotely. Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. The company says Daniel Rozeboom of the FortiSwitch web UI development team discovered the vulnerability (CVE-2024-48887) internally. Unauthenticated attackers can exploit this unverified FortiSwitch GUI password change security flaw (rated with a 9.8/10 severity score) in low-complexity attacks that don't require user interaction. Fortinet says threat actors can change credentials using a specially crafted request sent via the set_password endpoint. "An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request," Fortinet says. CVE-2024-48887 impacts multiple FortiSwitch versions, from FortiSwitch 6.4.0 and up to FortiSwitch 7.6.0, and was addressed in FortiSwitch versions 6.4.15, 7.0.11, 7.2.9, 7.4.5, and 7.6.1. For those who can't immediately apply the security updates released on Tuesday, Fortinet also provides a temporary workaround requiring them to disable 'HTTP/HTTPS Access' from administrative interfaces and restrict access to vulnerable FortiSwitch devices to trusted hosts. On Tuesday, the company also patched an OS command injection (CVE-2024-54024) in FortiIsolator and flaws impacting FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice, and FortiWeb (CVE-2024-26013 and CVE-2024-50565) that unauthenticated attackers can exploit in man-in-the-middle attacks. Fortinet vulnerabilities are often targeted in the wild, some exploited as zero days long before the company issues security patches. For instance, in December, Chinese hackers used a DeepData post-exploitation toolkit to steal credentials using a zero-day (with no CVE ID) in Fortinet's FortiClient Windows VPN client. Another Fortinet FortiManager flaw, dubbed "FortiJump" and tracked as CVE-2024-47575, has been exploited as a zero-day to breach over 50 servers since June 2024. More recently, Fortinet disclosed two more vulnerabilities (CVE-2024-55591 and CVE-2025-24472) in January and February, also exploited as zero days in ransomware attacks. Top 10 MITRE ATT&CK© Techniques Behind 93% of Attacks Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.
Daily Brief Summary
Fortinet has addressed a critical vulnerability, CVE-2024-48887, in FortiSwitch devices that allows remote password changes.
The flaw, discovered internally by the FortiSwitch web UI development team, rates 9.8/10 in severity and can be exploited without user interaction.
Attackers can manipulate admin credentials remotely via a specially crafted request to the set_password endpoint.
Affected versions range from FortiSwitch 6.4.0 to 7.6.0; patches are available for versions 6.4.15, 7.0.11, 7.2.9, 7.4.5, and 7.6.1.
As a temporary measure, Fortinet recommends disabling 'HTTP/HTTPS Access' and restricting access to trusted hosts only.
Fortinet also released patches for other vulnerabilities on the same day, including an OS command injection flaw in FortiIsolator and multiple other flaws in different Fortinet products.
Historical context: Fortinet has previously been targeted by attackers, with vulnerabilities exploited in the wild, including zero-day attacks in ransomware incidents.