Full Report
Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0. "An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify
Analysis Summary
# Vulnerability: FortiSwitch Critical Unverified Password Change Flaw
## CVE Details
- CVE ID: CVE-2024-48887
- CVSS Score: 9.3 (Critical)
- CWE: CWE-620 (Unverified Password Change)
## Affected Systems
- Products: FortiSwitch (FortiSwitch GUI)
- Versions:
  - FortiSwitch 7.6.0 (Upgrade to 7.6.1 or above)
  - FortiSwitch 7.4.0 through 7.4.4 (Upgrade to 7.4.5 or above)
  - FortiSwitch 7.2.0 through 7.2.8 (Upgrade to 7.2.9 or above)
  - FortiSwitch 7.0.0 through 7.0.10 (Upgrade to 7.0.11 or above)
  - FortiSwitch 6.4.0 through 6.4.14 (Upgrade to 6.4.15 or above)
- Configurations: Applicable when the FortiSwitch GUI is accessible.
## Vulnerability Description
The vulnerability is an unverified password change flaw in the FortiSwitch web-based Graphical User Interface (GUI). It could allow a remote, unauthenticated attacker to modify administrator passwords by sending a specially crafted request to the device.
## Exploitation
- Status: No evidence of exploitation in the wild reported, but swift patching is advised due to known threat actor exploitation of other Fortinet flaws.
- Complexity: Likely Low, given it allows remote unauthenticated access to change an admin password.
- Attack Vector: Network
## Impact
- Confidentiality: High (Administrator credentials compromise)
- Integrity: High (Unauthorized modification of critical settings)
- Availability: Medium/High (Loss of access or device manipulation)
## Remediation
### Patches
- Upgrade FortiSwitch to the following versions or later:
  - 7.6.1 or above
  - 7.4.5 or above
  - 7.2.9 or above
  - 7.0.11 or above
  - 6.4.15 or above
### Workarounds
- Disable HTTP/HTTPS access from administrative interfaces.
- Restrict access to the administrative system/interface to only trusted hosts.
## Detection
- The source material provides no specific IoCs; its guidance is remediation-focused. Monitor network traffic for unexpected or malformed HTTP/HTTPS requests directed at the FortiSwitch management interface, particularly those referencing password change functions.
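As an added example (not code from the advisory or from Fortinet), a Python helper covering the version table and the detection guidance above: it reports whether an inventoried FortiSwitch version falls in an affected range, and flags password-change requests from outside the trusted administrative networks in a constructed access-log sample. The combined log format and the `/password/change` path are assumptions, since the advisory does not name the GUI endpoint.

```python
import ipaddress
import re

# Affected ranges from the advisory summary above: branch -> (first, last vulnerable, fixed release)
AFFECTED = {
    (7, 6): ((7, 6, 0), (7, 6, 0), "7.6.1"),
    (7, 4): ((7, 4, 0), (7, 4, 4), "7.4.5"),
    (7, 2): ((7, 2, 0), (7, 2, 8), "7.2.9"),
    (7, 0): ((7, 0, 0), (7, 0, 10), "7.0.11"),
    (6, 4): ((6, 4, 0), (6, 4, 14), "6.4.15"),
}

def affected_by_cve_2024_48887(version):
    """Return the release to upgrade to if `version` falls in an affected range, else None."""
    v = tuple(int(p) for p in version.strip().lstrip("v").split("."))
    if len(v) != 3:
        raise ValueError(f"expected major.minor.patch, got {version!r}")
    entry = AFFECTED.get(v[:2])
    if entry is None:  # branch not listed as affected
        return None
    first, last, fixed = entry
    return fixed if first <= v <= last else None

# Combined-format access log line: client IP, then the request line and status code (assumed format).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Placeholder: the advisory does not name the GUI endpoint, so substitute the real path from your own traffic.
PASSWORD_CHANGE_PATHS = {"/password/change"}

def flag_password_change_requests(log_lines, trusted_networks):
    """Return (ip, path, status) for password-change requests from hosts outside the trusted networks."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["path"] not in PASSWORD_CHANGE_PATHS:
            continue
        src = ipaddress.ip_address(m["ip"])
        if not any(src in net for net in nets):
            hits.append((m["ip"], m["path"], m["status"]))
    return hits

# Constructed sample: one legitimate change from the admin subnet, one from an untrusted address.
SAMPLE_LOG = [
    '10.0.5.4 - admin [08/Apr/2025:10:14:55 +0000] "GET /login HTTP/1.1" 200 1324',
    '10.0.5.4 - admin [08/Apr/2025:10:15:01 +0000] "POST /password/change HTTP/1.1" 200 512',
    '203.0.113.7 - - [08/Apr/2025:10:15:02 +0000] "POST /password/change HTTP/1.1" 200 512',
    '203.0.113.7 - - [08/Apr/2025:10:15:03 +0000] "GET /favicon.ico HTTP/1.1" 404 0',
]
```

Any hit from an address outside the trusted networks deserves a look even when the device is already patched, because it means the management interface is still reachable from hosts the workaround says should be blocked.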
## References
- Vendor Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-24-435