Critical Vulnerability in Fortinet’s FortiSwitch Web-based Graphical User Interface

Fortinet has released security updates addressing a critical vulnerability (CVE-2024-48887) affecting their FortiSwitch web-based Graphical User Interface (GUI). 

Successful exploitation of the vulnerability could allow a remote unauthenticated attacker to change admin passwords via a specially crafted HTTP request that bypasses authentication. Upon gaining access, attackers may modify admin credentials, execute unauthorised configuration changes, or move laterally across internal networks.

The vulnerability affects the following product versions:

• FortiSwitch version 7.6.0

• FortiSwitch versions 7.4.0 through 7.4.4 

• FortiSwitch versions 7.2.0 through 7.2.8 

• FortiSwitch versions 7.0.0 through 7.0.10

• FortiSwitch versions 6.4.0 through 6.4.14

Users and administrators of affected product versions are advised to update to the latest versions. If unable to patch, security teams are advised to implement the following as a workaround:

• Disable HTTP/HTTPS access from administrative interfaces.

• Enable MFA where possible.

• Review logs for password changes and suspicious GUI activity.

• Monitor traffic for unusual HTTP requests to the FortiSwitch interface.

• Restrict access to trusted hosts using the following command line interface:

  • config system admin

  • edit

  • set {trusthost1 | trusthost2 | trusthost3 | trusthost4 |

  • trusthost5 | trusthost6 | trusthost7 | trusthost8 | trusthost9

  • | trusthost10}

  • next

  • end

More information is available here:

https://fortiguard.fortinet.com/psirt/FG-IR-24-435

https://thehackernews.com/2025/04/fortinet-urges-fortiswitch-upgrades-to.html

https://nvd.nist.gov/vuln/detail/CVE-2024-48887

https://socradar.io/fortinet-cve-2024-48887-fortiswitch-admin-credentials/