CVE-2024-48887 Scanner
CVE-2024-48887 Scanner - Unverified Password Change vulnerability in Fortinet FortiSwitch
Short Info
Level: Critical
Scan type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 12 hours
Scan only one: URL
Toolbox: -
Fortinet FortiSwitch is a family of managed Ethernet switches used in enterprise and data center networks for high-performance Layer 2 switching with integrated security and network access control. The switches are typically deployed in medium to large IT environments and integrate directly with Fortinet's Security Fabric, which provides centralized visibility and management. Fortinet products are widely used in both the private and public sectors. Administrators configure and monitor FortiSwitch primarily through its web-based GUI, which is the component affected by this vulnerability.
CVE-2024-48887 is an unverified password change flaw (CWE-620) in the FortiSwitch web-based GUI. A remote, unauthenticated attacker can send a specially crafted request that changes an administrative password without holding a valid session or proving knowledge of the existing credentials. The attack requires no user interaction and no prior privileges, which is why Fortinet rates it critical. A successful attacker obtains administrative access to the switch and, from there, to the network it serves. The flaw illustrates why a password change in a management interface must be tied to an authenticated identity and, ideally, to re-verification of the caller's current password.
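As an added example (not FortiSwitch code, and not a reproduction of the actual vulnerable endpoint), the following Python sketch contrasts the CWE-620 pattern described above with a hardened handler. The `Request` object, the in-memory user and session stores, and the form field names are constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field

# Constructed in-memory user and session stores for illustration; this is
# not FortiSwitch code and does not model the real endpoint or its fields.


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class User:
    name: str
    salt: bytes
    digest: bytes
    is_admin: bool = False

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(self.digest, _pbkdf2(password, self.salt))

    def set_password(self, password: str) -> None:
        self.salt = os.urandom(16)
        self.digest = _pbkdf2(password, self.salt)


def make_user(name: str, password: str, is_admin: bool = False) -> User:
    salt = os.urandom(16)
    return User(name, salt, _pbkdf2(password, salt), is_admin)


@dataclass
class Request:
    """Minimal stand-in for an HTTP request: form fields plus cookies."""
    form: dict
    cookies: dict = field(default_factory=dict)


USERS = {"admin": make_user("admin", "initial-password", is_admin=True)}
SESSIONS: dict = {}  # session token -> username


def login(username: str, password: str):
    """Issue a session token on correct credentials, else None."""
    user = USERS.get(username)
    if user is None or not user.check_password(password):
        return None
    token = secrets.token_hex(16)
    SESSIONS[token] = username
    return token


def vulnerable_set_password(req: Request) -> int:
    """CWE-620 pattern: the handler trusts the request body alone. Nothing
    ties the change to an authenticated caller, so anyone who can reach the
    endpoint can reset any account, including admin."""
    target = USERS.get(req.form.get("username", ""))
    if target is None:
        return 404
    target.set_password(req.form["new_password"])
    return 200


def hardened_set_password(req: Request) -> int:
    """Same operation with the missing checks: a valid session, an
    authorization rule for changing other accounts, re-verification of the
    caller's current password, and revocation of the target's sessions."""
    caller_name = SESSIONS.get(req.cookies.get("session", ""))
    if caller_name is None:
        return 401  # unauthenticated
    caller = USERS[caller_name]
    target = USERS.get(req.form.get("username", ""))
    if target is None:
        return 404
    if target is not caller and not caller.is_admin:
        return 403  # only admins may change someone else's password
    if not caller.check_password(req.form.get("current_password", "")):
        return 403  # a session alone is not enough for a credential change
    target.set_password(req.form["new_password"])
    # Revoke the target's existing sessions so a stolen token dies with the old password.
    for token in [t for t, n in SESSIONS.items() if n == target.name]:
        del SESSIONS[token]
    return 200
```

The vulnerable handler returns 200 and silently replaces the admin credential for any caller; the hardened one refuses with 401 when no session is presented and with 403 when the caller cannot prove the current password, which is the behaviour a scanner for this class of bug expects to see from a patched device.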
Technically, the flaw lies in the GUI's password update logic, which processes a password change request without first verifying that the requester is authenticated and authorized to change the target account. An attacker who can reach the administrative interface over HTTP or HTTPS can therefore send a crafted request that resets the password of any account, including administrative ones. Per Fortinet PSIRT advisory FG-IR-24-435, the affected releases are FortiSwitch 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.10, and 6.4.0 through 6.4.14; the fixed releases are 7.6.1, 7.4.5, 7.2.9, 7.0.11 and 6.4.15 respectively. Devices whose HTTP/HTTPS administrative access is reachable from untrusted networks are the most exposed. Where an upgrade is not immediately possible, the advisory's workaround is to disable HTTP/HTTPS access on administrative interfaces and to restrict management access to trusted hosts.
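To triage an inventory against the affected ranges above, the following added Python helper (not part of this page's scanner and not Fortinet tooling) parses a firmware version string and maps it to the fixed release from FG-IR-24-435. The banner-style input format, the hostnames and the version strings are assumptions made for illustration.

```python
import re
from typing import Dict, Optional, Tuple

# Affected ranges and fixed releases as published in FG-IR-24-435.
# Each entry: (first affected, last affected, first fixed release) per branch.
AFFECTED_RANGES = [
    ((6, 4, 0), (6, 4, 14), "6.4.15"),
    ((7, 0, 0), (7, 0, 10), "7.0.11"),
    ((7, 2, 0), (7, 2, 8), "7.2.9"),
    ((7, 4, 0), (7, 4, 4), "7.4.5"),
    ((7, 6, 0), (7, 6, 0), "7.6.1"),
]

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract major.minor.patch from a bare version ("7.4.3") or from a
    longer string such as "FortiSwitch-124F v7.4.3,build0000". The longer
    format is an assumed example input, not taken from the advisory."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(text: str) -> Tuple[bool, Optional[str]]:
    """Return (is_affected, fixed_release). fixed_release is None when the
    version falls outside every affected range. Branches the advisory does
    not list are reported as not affected by this advisory only; that says
    nothing about their support status or other issues."""
    version = parse_version(text)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= version <= high:
            return True, fixed
    return False, None


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> version string to hostname -> recommendation."""
    result = {}
    for host, version in inventory.items():
        affected, fixed = assess(version)
        result[host] = (
            f"upgrade to {fixed} or later" if affected
            else "not affected by FG-IR-24-435"
        )
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "core-sw-1": "FortiSwitch-124F v7.4.3,build0000",
        "core-sw-2": "7.6.1",
        "edge-sw-7": "6.4.14",
    }
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```

Note that the check is only as good as the version string fed to it; a device that reports a patched version but still exposes HTTP/HTTPS management to untrusted networks should still be reviewed against the advisory's workaround.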
Exploitation gives an attacker full administrative control of the affected switch. With that access they can alter the configuration, disable security features, and use the device as a foothold for lateral movement, data exfiltration or service disruption. Because FortiSwitch participates in the Security Fabric, a compromised switch can also undermine trust boundaries enforced elsewhere in the network, and critical infrastructure that relies on these devices is at correspondingly higher risk. Organizations running affected firmware should treat exposed devices as a high priority for patching and should review administrative accounts and login logs for password changes they did not initiate. The issue also exposes organizations to regulatory and reputational consequences.
REFERENCES
- https://fortiguard.fortinet.com/psirt/FG-IR-24-435
- https://nvd.nist.gov/vuln/detail/CVE-2024-48887
- https://www.cyber.gc.ca/en/alerts-advisories/fortinet-security-advisory-av25-197
- https://securityonline.info/fortinet-critical-unverified-password-change-flaw-in-fortiswitch/
- https://thehackernews.com/2025/04/fortinet-urges-fortiswitch-upgrades-to.html