Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords

Pierluigi Paganini
April 09, 2025

Fortinet addressed a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely.

Fortinet has released security updates to address a critical vulnerability, tracked as CVE-2024-48887 (CVSS score 9.8), in its FortiSwitch devices. An unauthenticated remote attacker can exploit the flaw to change administrator passwords.

“An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request.” reads the advisory.

The vulnerability was internally discovered and reported by Daniel Rozeboom of the FortiSwitch web UI development team.

The flaw impacts the following versions:

Version           Affected                 Solution
FortiSwitch 7.6   7.6.0                    Upgrade to 7.6.1 or above
FortiSwitch 7.4   7.4.0 through 7.4.4      Upgrade to 7.4.5 or above
FortiSwitch 7.2   7.2.0 through 7.2.8      Upgrade to 7.2.9 or above
FortiSwitch 7.0   7.0.0 through 7.0.10     Upgrade to 7.0.11 or above
FortiSwitch 6.4   6.4.0 through 6.4.14     Upgrade to 6.4.15 or above

Until devices are upgraded, Fortinet advises disabling HTTP/HTTPS administrative access and restricting FortiSwitch management access to trusted hosts as a temporary workaround.
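The following is an added example, not code from the article or from Fortinet, that turns the affected-version table and the workaround into two checks a practitioner can run against an inventory: it classifies a FortiSwitch firmware string against the advisory's ranges, and it flags interfaces whose configuration still exposes the web admin interface. The version string format (`v7.4.3,build0820`) and the `config system interface` / `set allowaccess` syntax are assumed from FortiOS-style output; the sample configuration is constructed for the example.

```python
"""Inventory checks for CVE-2024-48887 (FortiSwitch unverified password change).

Added example; version ranges come from Fortinet's advisory table, the config
syntax is an assumption based on FortiOS-style CLI output.
"""
from __future__ import annotations

import re

# Affected ranges (inclusive) keyed by release branch, plus the first fixed
# release of that branch, exactly as the advisory table lists them.
AFFECTED = {
    (7, 6): ((7, 6, 0), (7, 6, 0), (7, 6, 1)),
    (7, 4): ((7, 4, 0), (7, 4, 4), (7, 4, 5)),
    (7, 2): ((7, 2, 0), (7, 2, 8), (7, 2, 9)),
    (7, 0): ((7, 0, 0), (7, 0, 10), (7, 0, 11)),
    (6, 4): ((6, 4, 0), (6, 4, 14), (6, 4, 15)),
}

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, int, int]:
    """Extract the first x.y.z version from a string such as 'v7.4.3,build0820'
    (assumed shape of 'get system status' output) or a plain '7.4.3'."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(g) for g in m.groups())  # type: ignore[return-value]


def assess(text: str) -> dict:
    """Classify a FortiSwitch firmware version against the advisory table.

    Branches the advisory does not list (e.g. 6.2) are reported as 'not-listed'
    rather than 'fixed': the table says nothing about them, so neither do we.
    """
    version = parse_version(text)
    branch = version[:2]
    if branch not in AFFECTED:
        return {"version": version, "status": "not-listed", "upgrade_to": None}
    low, high, fix = AFFECTED[branch]
    if low <= version <= high:
        return {"version": version, "status": "vulnerable", "upgrade_to": fix}
    return {"version": version, "status": "fixed", "upgrade_to": None}


# One 'edit "<name>" ... next' block of a config section (assumed CLI syntax).
BLOCK_RE = re.compile(r'edit\s+"?([^"\n]+?)"?\s*\n(.*?)\n\s*next', re.DOTALL)
ALLOWACCESS_RE = re.compile(r"^\s*set allowaccess\s+(.*)$", re.MULTILINE)
WEB_SERVICES = {"http", "https"}


def web_admin_exposed(config: str) -> list[tuple[str, set[str]]]:
    """Return (interface, services) for every interface whose allowaccess list
    still includes http or https, i.e. where the workaround is not applied."""
    exposed = []
    for name, body in BLOCK_RE.findall(config):
        for m in ALLOWACCESS_RE.finditer(body):
            services = set(m.group(1).split()) & WEB_SERVICES
            if services:
                exposed.append((name, services))
    return exposed


# Constructed sample: one interface still allows http/https, one does not.
SAMPLE_CONFIG = """\
config system interface
    edit "mgmt"
        set ip 192.0.2.10 255.255.255.0
        set allowaccess ping https ssh http
    next
    edit "internal"
        set ip 192.0.2.20 255.255.255.0
        set allowaccess ping ssh
    next
end
"""

if __name__ == "__main__":
    for sample in ("v7.4.3,build0820", "7.6.1", "6.2.7"):
        print(sample, assess(sample))
    print("web admin exposed on:", web_admin_exposed(SAMPLE_CONFIG))
```

Feed `assess()` the version line collected from each switch and `web_admin_exposed()` the interface section of its running configuration; anything reported as `vulnerable` with a non-empty exposed list is the combination the advisory warns about.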

In June 2024, Fortinet addressed the flaw CVE-2024-26010, a stack-based overflow vulnerability [CWE-124] in FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager that could allow a remote attacker to execute arbitrary code or commands by sending crafted packets to the fgfmd daemon. However, the exploitability of this vulnerability depends on specific conditions that are not controllable by the attacker.
