Emergency Security Bulletin: Fortinet FortiSwitch Unverified Password Change Vulnerability


By: RedLegg's Cyber Threat Intelligence Team

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.

VULNERABILITIES:

Fortinet FortiSwitch Unverified Password Change Vulnerability

CVSS Score: 9.3 (Critical)
Identifier: CVE-2024-48887
Exploit or Proof of Concept (PoC): As of now, there are no public reports of active exploitation or available proof-of-concept exploits for this vulnerability.
Update: CVE-2024-48887 – Fortinet Security Advisory

Description: CVE-2024-48887 is a critical vulnerability in the FortiSwitch GUI, where an unverified password change mechanism allows remote, unauthenticated attackers to modify administrator passwords via specially crafted requests. Successful exploitation could grant attackers unauthorized administrative access, potentially compromising the entire network infrastructure managed by the affected FortiSwitch devices.

Mitigation Recommendation: Administrators are strongly advised to upgrade to the latest firmware versions provided by Fortinet to remediate this vulnerability. It is also recommended to restrict access to the FortiSwitch management interface to trusted networks and monitor administrative accounts for unauthorized changes. 
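The monitoring half of that recommendation can be scripted. The following is an added example, not code from RedLegg or Fortinet: it scans audit records for administrator password changes that lack an authenticated actor or come from outside the trusted management networks, and notes whether the same source then logged in as that account. The key=value log layout, field names, sample events and the trusted network are constructed assumptions, not FortiSwitch's real log schema.

```python
import ipaddress

# Constructed audit records in a generic key=value layout. Field names and
# values are assumptions for this example, not FortiSwitch's real log schema.
SAMPLE_EVENTS = [
    "ts=2025-04-08T10:01:05Z action=password_change user=admin actor=admin srcip=10.10.0.5 authenticated=yes",
    "ts=2025-04-08T10:07:41Z action=password_change user=admin actor=- srcip=198.51.100.23 authenticated=no",
    "ts=2025-04-08T10:09:12Z action=login user=admin srcip=198.51.100.23 status=success",
    "ts=2025-04-08T10:15:00Z action=password_change user=admin actor=admin srcip=203.0.113.9 authenticated=yes",
]

# Management networks from which administrative changes are expected (assumed).
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.10.0.0/24")]


def parse_event(line):
    """Split one key=value audit line into a dict."""
    return dict(field.split("=", 1) for field in line.split())


def is_trusted(ip, nets):
    """True when the source address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def find_suspicious_admin_password_changes(lines, trusted_nets=TRUSTED_MGMT_NETS,
                                           admin_users=("admin",)):
    """Flag admin password changes with no authenticated actor or a source outside
    the trusted management networks, and record whether the same source later
    logged in as that account (a stronger indicator of account takeover)."""
    events = [parse_event(line) for line in lines]
    findings = []
    for i, ev in enumerate(events):
        if ev.get("action") != "password_change" or ev.get("user") not in admin_users:
            continue
        reasons = []
        if ev.get("authenticated") != "yes" or ev.get("actor") in (None, "-"):
            reasons.append("no authenticated actor")
        if not is_trusted(ev["srcip"], trusted_nets):
            reasons.append("source outside trusted management network")
        if not reasons:
            continue
        followed_by_login = any(
            later.get("action") == "login" and later.get("status") == "success"
            and later.get("user") == ev["user"] and later.get("srcip") == ev["srcip"]
            for later in events[i + 1:]
        )
        findings.append({"ts": ev["ts"], "user": ev["user"], "srcip": ev["srcip"],
                         "reasons": reasons, "followed_by_login": followed_by_login})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_admin_password_changes(SAMPLE_EVENTS):
        print(finding)
```

On the constructed sample, the change at 10:07 from 198.51.100.23 is flagged on both counts and is followed by a login from the same address, while the 10:15 change is flagged only for its untrusted source.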

Note: Given the critical nature of this vulnerability and the potential for unauthorized control over network switches, immediate action is essential to secure affected systems. Regularly reviewing and applying security updates is vital to maintaining the integrity and security of network infrastructure.