Summary: Fortinet has announced critical security updates for FortiSwitch addressing a severe vulnerability (CVE-2024-48887) that allows unauthorized password changes by remote attackers. With a CVSS score of 9.3, the flaw affects multiple versions of FortiSwitch and necessitates immediate patching. Users are urged to apply updates or implement recommended workarounds to safeguard their systems.
Affected: Fortinet FortiSwitch
Keypoints :
- Critical vulnerability allows remote unauthorized password changes in FortiSwitch.
- Affected versions include FortiSwitch 7.6.0, 7.4.0-7.4.4, 7.2.0-7.2.8, 7.0.0-7.0.10, and 6.4.0-6.4.14.
- Workarounds include disabling HTTP/HTTPS access and restricting access to trusted hosts.
- Quick application of patches is essential due to past exploitation of Fortinet vulnerabilities.
Source: https://thehackernews.com/2025/04/fortinet-urges-fortiswitch-upgrades-to.html