FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887)

Fortinet has released patches for flaws affecting many of its products, among them a critical vulnerability (CVE-2024-48887) in its FortiSwitch appliances that could allow remote, unauthenticated attackers to gain administrative access to vulnerable devices.

About CVE-2024-48887

Fortinet offers a range of FortiSwitch networking appliances, including access switches, distribution switches (for managing traffic), industrial/rugged switches, and core switches designed for data centers.

Fortinet describes CVE-2024-48887 as an unverified password change vulnerability in the FortiSwitch GUI, which may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request to the set_password endpoint.

The vulnerability affects FortiSwitch versions 7.6, 7.4, 7.2, 7.0, and 6.4, and it was reported by Daniel Rozeboom of the FortiSwitch web UI development team.

There is no mention of the vulnerability having been or being exploited in the wild. Nevertheless, administrators are advised to upgrade to one of the following versions:

  • v7.6.1 or above
  • v7.4.5 or above
  • v7.2.9 or above
  • v7.0.11 or above
  • v6.4.15 or above
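As an added triage helper (not code from Fortinet or from the article), the following Python checks inventory version strings against the fixed releases listed above and sorts the results worst-first; the hostnames and versions in the sample inventory are constructed.

```python
import re

# Fixed versions per release branch, as listed in the advisory summary above.
FIXED_VERSIONS = {
    (7, 6): (7, 6, 1),
    (7, 4): (7, 4, 5),
    (7, 2): (7, 2, 9),
    (7, 0): (7, 0, 11),
    (6, 4): (6, 4, 15),
}

_VERSION_RE = re.compile(r"^[vV]?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Parse 'v7.4.3', '7.4.3' or 'V7.4.3 build0573' into a (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised FortiSwitch version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(version_text):
    """Return (status, fixed_version) for one device's firmware version."""
    v = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        # Branch not in the advisory's affected list: flag it for manual review.
        return ("unlisted", None)
    return ("fixed", fixed) if v >= fixed else ("vulnerable", fixed)


def triage(inventory):
    """inventory: {hostname: version string} -> [(host, status, fixed_version)], worst first."""
    order = {"vulnerable": 0, "unlisted": 1, "fixed": 2}
    rows = [(host, *assess(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "sw-core-01": "v7.4.3",
        "sw-access-07": "7.6.1",
        "sw-idf-2": "V7.0.11 build0573",
        "sw-lab-legacy": "6.2.7",
    }
    for host, status, fix in triage(sample):
        fix_str = ".".join(map(str, fix)) if fix else "n/a"
        print(f"{host:14} {status:10} upgrade to: {fix_str}")
```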

If upgrading cannot be done right away, they can mitigate the risk of exploitation by disabling HTTP/HTTPS access from administrative interfaces, and configuring trusted hosts so that only those can connect to the system. (Fortinet explains how.)

There have been no widely reported major campaigns specifically targeting FortiSwitch devices, but vulnerabilities such as CVE-2024-48887 may come in handy to attackers who have already gained access to their target’s network and are looking for ways to move laterally or manipulate traffic.
