Fortinet has disclosed a critical vulnerability affecting multiple versions of FortiSwitch, identified as CVE-2024-48887. This flaw allows a remote, unauthenticated attacker to change administrative passwords via a specially crafted request to the FortiSwitch GUI.
This issue is being tracked with a CVSS score of 9.3 and has the potential to severely compromise administrative access and overall network integrity.
What Is CVE-2024-48887?
CVE-2024-48887 is an unauthenticated password change vulnerability within the FortiSwitch web interface. Due to inadequate validation checks, a remote attacker can send a malicious request that successfully updates administrative credentials without prior authentication.
The flaw stems from a weakness categorised under CWE-620: Unverified Password Change, and highlights broader concerns around access control design in network management interfaces.
Impacted Versions
The following FortiSwitch versions are confirmed as vulnerable:
- FortiSwitch 7.6.0 — upgrade to 7.6.1 or above
- FortiSwitch 7.4.0 through 7.4.4 — upgrade to 7.4.5 or above
- FortiSwitch 7.2.0 through 7.2.8 — upgrade to 7.2.9 or above
- FortiSwitch 7.0.0 through 7.0.10 — upgrade to 7.0.11 or above
- FortiSwitch 6.4.0 through 6.4.14 — upgrade to 6.4.15 or above
What’s the Risk?
If exploited, this vulnerability can lead to:
-
Unauthorised administrative access
Attackers can take control of FortiSwitch administrative functions and alter network configurations.
-
Loss of network control and visibility
Malicious changes could redirect traffic, introduce backdoors, or disable monitoring.
-
Data breach and compliance exposure
With privileged access, attackers could extract sensitive data or alter access controls across connected infrastructure.
Recommended Actions
To reduce exposure and mitigate risk:
1. Apply Security Updates
Fortinet has issued patches across supported branches. All impacted systems should be upgraded to the latest secure version as a priority.
2. Restrict GUI Access
Where updates cannot be applied immediately:
- Disable HTTP/HTTPS administrative access from untrusted networks
- Restrict access to the GUI to known, trusted hosts only
3. Strengthen Network Controls
- Enforce network segmentation between management and production environments
- Use multi-factor authentication where supported
- Review and monitor administrative change logs for signs of unauthorised access
Discovery and Disclosure
This issue was internally discovered by Daniel Rozeboom of Fortinet’s FortiSwitch web UI development team and publicly disclosed on 8 April 2025.
