Critical FortiSwitch Vulnerability Demands Immediate Patching
Fortinet is urging customers to update their FortiSwitch devices immediately to address a serious security vulnerability. A successful exploit could allow attackers to change administrator passwords without authorization, potentially compromising entire networks.

Fortinet just dropped some crucial security updates to fix a serious vulnerability. This flaw could let attackers change your admin passwords without even needing to log in. Sounds scary, right?
This vulnerability, known as CVE-2024-48887, is a big deal – it scores a whopping 9.3 out of 10 on the CVSS severity scale. That's pretty high!
Fortinet themselves explained it this way: "An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request." In plain English, someone could sneak in and change your passwords through a cleverly designed request.
Which FortiSwitch Versions Are Affected?
Here's the list of FortiSwitch versions that need patching:
- FortiSwitch 7.6.0 (Upgrade to 7.6.1 or above)
- FortiSwitch 7.4.0 through 7.4.4 (Upgrade to 7.4.5 or above)
- FortiSwitch 7.2.0 through 7.2.8 (Upgrade to 7.2.9 or above)
- FortiSwitch 7.0.0 through 7.0.10 (Upgrade to 7.0.11 or above)
- FortiSwitch 6.4.0 through 6.4.14 (Upgrade to 6.4.15 or above)
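To check a switch inventory against the list above, the following Python sketch (an added example, not code from Fortinet or the original article) classifies each version as affected, fixed, or on a branch the list does not mention. The hostnames and version-string formats in the sample are constructed, and the function names are hypothetical.

```python
import re

# Affected branches from the list above:
# (major, minor) -> (last affected patch level, first fixed patch level)
AFFECTED = {
    (7, 6): (0, 1),
    (7, 4): (4, 5),
    (7, 2): (8, 9),
    (7, 0): (10, 11),
    (6, 4): (14, 15),
}

def parse_version(text):
    """Pull the first major.minor.patch triple out of a version string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(version_text):
    """Return (status, upgrade_target) for one version string.

    status is 'affected', 'fixed', or 'not-listed' (branch absent from the
    list above, which says nothing about whether it is safe).
    """
    major, minor, patch = parse_version(version_text)
    entry = AFFECTED.get((major, minor))
    if entry is None:
        return "not-listed", None
    last_affected, first_fixed = entry
    # Compare patch levels as integers: as strings, "10" sorts before "9".
    if patch <= last_affected:
        return "affected", f"{major}.{minor}.{first_fixed}"
    return "fixed", None

def triage(inventory):
    """Map each hostname to its classification; inventory is (host, version) pairs."""
    return {host: classify(version) for host, version in inventory}

# Constructed sample inventory; hostnames and string formats are illustrative.
SAMPLE_INVENTORY = [
    ("sw-core-01", "7.0.10"),
    ("sw-core-02", "7.0.11"),
    ("sw-edge-01", "v7.4.3"),
    ("sw-edge-02", "FortiSwitch 7.6.1"),
    ("sw-lab-01", "6.2.7"),
]

if __name__ == "__main__":
    for host, (status, target) in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f" -> upgrade to {target} or above" if target else ""))
```

Treat "not-listed" as needing manual review against Fortinet's advisory rather than as a clean result.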
Who Found the Flaw?
The good news is that this vulnerability was found internally by Daniel Rozeboom, who works on the FortiSwitch web UI team. So, a big thanks to him for spotting this!
What Can You Do Right Now?
Fortinet suggests a couple of temporary workarounds:
- Disable HTTP/HTTPS access from your administrative interfaces.
- Restrict access to the system to only trusted computers.
But really, the best thing to do is update your FortiSwitch as soon as possible.
While there's no proof that this particular vulnerability is being actively exploited *yet*, Fortinet flaws have been targeted by attackers in the past. So, don't wait around – get those patches installed!