Fortinet has issued a critical security advisory concerning a significant vulnerability in its FortiSwitch product line. The flaw, designated as CVE-2024-48887, has been assigned a CVSS (Common Vulnerability Scoring System) score of 9.3 out of 10, indicating its high severity.
Nature of the Vulnerability
The identified vulnerability is an unverified password change issue (CWE-620) within the FortiSwitch Graphical User Interface (GUI). This security gap allows remote, unauthenticated attackers to modify administrator passwords by sending specially crafted requests to the affected system. Such unauthorized access could lead to full administrative control over the device, posing significant risks to network integrity and security.
Affected FortiSwitch Versions
The vulnerability impacts the following FortiSwitch firmware versions:
- 7.6.0 (users should upgrade to 7.6.1 or later)
- 7.4.0 through 7.4.4 (upgrade to 7.4.5 or later)
- 7.2.0 through 7.2.8 (upgrade to 7.2.9 or later)
- 7.0.0 through 7.0.10 (upgrade to 7.0.11 or later)
- 6.4.0 through 6.4.14 (upgrade to 6.4.15 or later)
Fortinet has released patches for these versions and strongly recommends that users update their devices promptly to mitigate potential risks.
Discovery and Reporting
This security flaw was internally discovered and reported by Daniel Rozeboom, a member of the FortiSwitch web UI development team. Fortinet has acknowledged his contribution in identifying and addressing this critical issue.
Recommended Mitigation Measures
In addition to applying the necessary firmware updates, Fortinet advises users to implement the following precautionary measures:
- Disable HTTP/HTTPS Access: Turn off HTTP/HTTPS access to administrative interfaces to reduce exposure to potential attacks.
- Restrict System Access: Limit system access to trusted hosts only, ensuring that only authorized devices can communicate with the FortiSwitch administrative interface.
These steps are essential in minimizing the attack surface and enhancing the overall security posture of the network.
Potential Risks and Exploitation
While there is currently no evidence to suggest that this vulnerability has been exploited in the wild, similar security flaws in Fortinet products have previously been targeted by threat actors. The critical nature of this vulnerability underscores the importance of immediate action to prevent unauthorized access and potential network compromise.
Conclusion
Fortinet’s prompt response to CVE-2024-48887 highlights the company’s commitment to maintaining the security and integrity of its products. Users and administrators are urged to review Fortinet’s official advisory, apply the recommended updates, and implement the suggested mitigation measures without delay. Proactive steps are crucial in safeguarding network infrastructure against potential threats and ensuring the continued reliability of FortiSwitch devices.
For detailed information and access to the security updates, users should refer to Fortinet’s official Product Security Incident Response Team (PSIRT) advisory