Summary: Fortinet has issued critical security patches for a vulnerability (CVE-2024-48887) in its FortiSwitch devices that allows unauthenticated attackers to remotely change administrator passwords. The flaw, rated 9.8/10 in severity, affects multiple versions of FortiSwitch and requires immediate attention to mitigate risks. A temporary workaround is available for users unable to apply the updates immediately.
Affected: FortiSwitch devices (versions 6.4.0 to 7.6.0)
Key points:
- Vulnerability CVE-2024-48887 allows an unauthenticated remote attacker to change administrator passwords.
- The flaw affects various FortiSwitch versions and requires updates to versions 6.4.15, 7.0.11, 7.2.9, 7.4.5, and 7.6.1.
- A temporary workaround involves disabling ‘HTTP/HTTPS Access’ on administrative interfaces.
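For an inventory triage pass, the fixed releases listed above define the affected range per branch: any FortiSwitch build in a listed branch that is older than that branch's fixed release is affected, and anything at or above it is fixed. The script below is an added example, not Fortinet's code or part of the advisory; it encodes the fixed versions from this summary, classifies each device in a constructed inventory, and reports which ones still need the update (or the HTTP/HTTPS-access workaround in the meantime). The version-string formats it accepts (plain `7.4.4`, a leading `v`, or a trailing build suffix such as `7.4.4,build0757`) and the host names are assumptions made for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Fixed releases per FortiSwitch branch, taken from the advisory summary above.
# Every release in a listed branch that is older than its fixed release is affected.
FIXED_VERSIONS: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (6, 4): (6, 4, 15),
    (7, 0): (7, 0, 11),
    (7, 2): (7, 2, 9),
    (7, 4): (7, 4, 5),
    (7, 6): (7, 6, 1),
}

# Accepts "7.4.4", "v7.4.4" and "7.4.4,build0757" (format tolerance is an assumption
# for this example; adjust the pattern to whatever your inventory tool exports).
_VERSION_RE = re.compile(r"^\s*[vV]?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn a version string into a comparable (major, minor, patch) tuple."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised FortiSwitch version string: {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return major, minor, patch


def classify(version: str) -> str:
    """Return 'affected', 'fixed', or 'not_in_scope' for one FortiSwitch version.

    'not_in_scope' means the branch is not one the advisory summary lists a fix
    for (e.g. 6.2.x), so this table cannot say anything about it; such devices
    should be checked against the vendor advisory directly rather than assumed safe.
    """
    parsed = parse_version(version)
    branch = (parsed[0], parsed[1])
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return "not_in_scope"
    return "fixed" if parsed >= fixed else "affected"


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group device names by classification; each list is sorted for stable output."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for host, version in inventory.items():
        groups[classify(version)].append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}


if __name__ == "__main__":
    # Constructed inventory for the example; host names and versions are made up.
    sample_inventory = {
        "sw-core-01": "7.6.0",
        "sw-core-02": "v7.6.1",
        "sw-floor-03": "7.4.4,build0757",
        "sw-floor-04": "7.2.9",
        "sw-lab-05": "6.4.14",
        "sw-legacy-06": "6.2.7",
    }
    for status, hosts in sorted(triage(sample_inventory).items()):
        print(f"{status:13s} {', '.join(hosts)}")
```

Devices reported as `affected` should be scheduled for the branch's fixed release; until then, restricting HTTP/HTTPS access on their administrative interfaces, as the advisory's workaround describes, removes the exposed path.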