Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

Critical FortiSwitch Vulnerability Leaves Administrators Vulnerable to Remote Password Changes



Critical FortiSwitch Vulnerability Leaves Administrators Vulnerable to Remote Password Changes
A critical vulnerability has been discovered in Fortinet's FortiSwitch network devices that allows unauthenticated attackers to remotely change administrator passwords. The patch was released on Tuesday, and organizations are advised to upgrade their devices or apply the security patch as soon as possible.


  • Fortinet has issued a critical security patch for its FortiSwitch network devices due to a severe vulnerability that allows unauthenticated attackers to remotely change administrator passwords.
  • The vulnerability, CVE-2024-48887, has a severity score of 9.8/10 and can be exploited in low-complexity attacks without user interaction.
  • The patch addresses FortiSwitch versions from 6.4.0 to 7.6.0, but temporary workarounds are available for those who cannot apply the updates immediately.
  • This vulnerability is part of a broader trend of Fortinet vulnerabilities being targeted in the wild, including zero-day exploits.
  • Administrators are advised to upgrade their devices or apply the patch as soon as possible and implement additional security measures such as multi-factor authentication and monitoring login activity.



    • Fortinet has issued a critical security patch for its FortiSwitch network devices, addressing a severe vulnerability that allows unauthenticated attackers to remotely change administrator passwords. The patch was released in response to the discovery of CVE-2024-48887, a GUI password change security flaw rated with an 9.8/10 severity score.

    According to Sergiu Gatlan, a news reporter who has covered the latest cybersecurity and technology developments for over a decade, this vulnerability is significant because it can be exploited in low-complexity attacks that don't require user interaction. The threat actors can change credentials using a specially crafted request sent via the set_password endpoint. This flaw impacts multiple FortiSwitch versions, from FortiSwitch 6.4.0 and up to FortiSwitch 7.6.0.

    Daniel Rozeboom of the FortiSwitch web UI development team discovered this vulnerability internally and has since been addressed in FortiSwitch versions 6.4.15, 7.0.11, 7.2.9, 7.4.5, and 7.6.1. However, for those who cannot immediately apply the security updates released on Tuesday, Fortinet provides a temporary workaround requiring them to disable 'HTTP/HTTPS Access' from administrative interfaces and restrict access to vulnerable FortiSwitch devices to trusted hosts.

    This vulnerability is part of a broader trend of Fortinet vulnerabilities being targeted in the wild, some exploited as zero days long before the company issues security patches. In December, Chinese hackers used a DeepData post-exploitation toolkit to steal credentials using a zero-day (with no CVE ID) in Fortinet's FortiClient Windows VPN client. Another Fortinet FortiManager flaw, dubbed "FortiJump" and tracked as CVE-2024-47575, has been exploited as a zero-day to breach over 50 servers since June 2024.

    Furthermore, Fortinet disclosed two more vulnerabilities (CVE-2024-55591 and CVE-2025-24472) in January and February, also exploited as zero days in ransomware attacks. These recent incidents demonstrate the ongoing importance of timely security patches and the need for organizations to regularly monitor their systems for known vulnerabilities.

    In light of this critical FortiSwitch vulnerability, administrators are advised to upgrade their devices to the latest supported version or apply the provided security patch as soon as possible. Furthermore, it is crucial to implement additional security measures such as implementing multi-factor authentication, monitoring login activity closely, and educating staff about password management best practices.

    For those who are unsure of how to proceed, Fortinet provides various resources to help organizations secure their devices. The company also encourages administrators to apply the temporary workaround until they can upgrade to a supported version or patch their devices with the latest security updates.

    In conclusion, this critical vulnerability highlights the importance of staying vigilant and proactive in maintaining the security of network devices. Organizations must take immediate action to protect themselves against remote password changes by applying the necessary patches, securing administrator access, and implementing robust security controls.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Critical-FortiSwitch-Vulnerability-Leaves-Administrators-Vulnerable-to-Remote-Password-Changes-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/critical-fortiswitch-flaw-lets-hackers-change-admin-passwords-remotely/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-48887

  • https://www.cvedetails.com/cve/CVE-2024-48887/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-47575

  • https://www.cvedetails.com/cve/CVE-2024-47575/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-55591

  • https://www.cvedetails.com/cve/CVE-2024-55591/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-24472

  • https://www.cvedetails.com/cve/CVE-2025-24472/


    • Published: Wed Apr 9 11:31:03 2025 by llama3.2 3B Q4_K_M


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us