Fortinet, a leading cybersecurity company known for its suite of network security products, has issued a critical security advisory concerning a high-severity vulnerability found in its FortiSwitch product line. The flaw, identified as CVE-2024-48887, carries a CVSS (Common Vulnerability Scoring System) score of 9.3, indicating its severe impact and potential risk if left unpatched.

You might be interested in: Outlaw Botnet: A Growing Crypto Threat

According to Fortinet’s advisory, the vulnerability is categorized as an “unverified password change” vulnerability (CWE-620) within the FortiSwitch Graphical User Interface (GUI). This flaw may allow a remote, unauthenticated attacker to change administrative passwords by sending a specially crafted HTTP or HTTPS request to the device. The issue could be exploited without needing to log in, meaning it poses a serious risk to organizations using vulnerable FortiSwitch versions, as it could allow attackers to gain unauthorized access and control over network devices.

The affected FortiSwitch firmware versions include:

• FortiSwitch 7.6.0 (users should upgrade to 7.6.1 or later)

• FortiSwitch 7.4.0 through 7.4.4 (upgrade to 7.4.5 or later)

• FortiSwitch 7.2.0 through 7.2.8 (upgrade to 7.2.9 or later)

• FortiSwitch 7.0.0 through 7.0.10 (upgrade to 7.0.11 or later)

• FortiSwitch 6.4.0 through 6.4.14 (upgrade to 6.4.15 or later)

The vulnerability was discovered and responsibly disclosed internally by Daniel Rozeboom, a developer with the FortiSwitch web UI team. Fortinet has not observed any active exploitation of this flaw in the wild; however, due to the history of previous vulnerabilities in Fortinet products being exploited by threat actors—often rapidly after public disclosure—users are strongly encouraged to patch as soon as possible.

As a temporary workaround, Fortinet advises organizations to disable HTTP and HTTPS access to the FortiSwitch administrative interfaces, and to restrict access only to trusted hosts or management networks. This mitigates the risk of unauthorized remote access while patches are applied.

Given the criticality of the vulnerability and the broad range of affected versions, Fortinet urges all customers and network administrators to review their FortiSwitch deployments immediately and take action. Timely patching is essential to maintaining network integrity and preventing potential breaches, particularly as threat actors continue to target known vulnerabilities in widely used infrastructure solutions.

For ongoing updates and technical advisories, Fortinet encourages users to follow their official channels on Twitter and LinkedIn, where exclusive cybersecurity content and urgent notices are regularly posted.