Published on: 2025-04-09

Intelligence Report: Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords – Securityaffairs.com

1. BLUF (Bottom Line Up Front)

A critical vulnerability identified as CVE-2024-48887 in Fortinet’s FortiSwitch devices has been disclosed, with a CVSS score of 9.8. This flaw allows remote attackers to change administrator passwords through an unverified password change vulnerability in the FortiSwitch GUI. Immediate action is required to mitigate potential security breaches by upgrading affected systems and implementing recommended workarounds.

2. Detailed Analysis

The following structured analytic techniques have been applied for this analysis:

General Analysis

The vulnerability was internally discovered by Daniel Rozeboom and affects multiple versions of FortiSwitch. The flaw could lead to unauthorized access and control over network devices, posing a significant threat to network security. Fortinet has released updates to address this vulnerability, and temporary workarounds are advised for unpatched systems.

3. Implications and Strategic Risks

The exploitation of this vulnerability could lead to unauthorized network access, data breaches, and potential disruptions in critical infrastructure. National security could be compromised if sensitive networks are affected. Economic interests are also at risk due to potential financial losses and reputational damage to affected organizations.

4. Recommendations and Outlook

Recommendations:

• Upgrade affected FortiSwitch devices to the latest secure versions as specified by Fortinet.
• Implement temporary workarounds by disabling HTTP/HTTPS admin access and restricting access to trusted hosts.
• Conduct regular security audits and vulnerability assessments to prevent future exploits.

Outlook:

In the best-case scenario, rapid implementation of patches and workarounds will mitigate the risk of exploitation. The worst-case scenario involves widespread exploitation before patches are applied, leading to significant security breaches. The most likely outcome is a moderate level of exploitation with gradual mitigation as organizations update their systems.

5. Key Individuals and Entities

The report mentions Daniel Rozeboom as the individual who discovered the vulnerability. The primary entity involved is Fortinet, responsible for addressing the flaw and providing updates.