
A severe vulnerability in FortiSwitch allows attackers to modify administrator passwords, even remotely.
Both a patch and a workaround are available.
Fortinet has identified a critical vulnerability in multiple versions of FortiSwitch that allows malicious actors to modify user login credentials. In a recently issued security advisory, the company detailed this privilege escalation flaw, the affected versions, and provided a mitigation measure for those who cannot apply the fix immediately.
The vulnerability, classified as CWE-620, has received a severity rating of 9.3 out of 10, which is critical. In the National Vulnerability Database (NVD), it has been assigned the identifier CVE-2024-48887, with an even higher score of 9.8 out of 10. The flaw was detected in the password reset form, which can be manipulated to reveal the original password.
Regarding mitigation of this class of weakness, MITRE advises against using a "forgot password" feature at all. If it must be used, the implementation should ensure that information is only provided to the legitimate user, for example through a previously established email address or security question, and the current user must not be allowed to modify this identity information until the correct password has been entered.
The affected versions include FortiSwitch 6.4 up to 6.4.14, 7.0 up to 7.0.10, 7.2 up to 7.2.8, 7.4 up to 7.4.4, and 7.6. Users are advised to upgrade to the latest version of the software to mitigate the vulnerability. Those who cannot apply the patches immediately should implement the workaround, which consists of disabling HTTP/HTTPS access on administrative interfaces.
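The workaround above, shown as a FortiSwitchOS CLI fragment, is an added illustration and not taken from the Fortinet advisory; the interface name "mgmt" and the initial access list are assumptions, so substitute the administrative interfaces actually present on the device.

```text
# Weak setting (assumed interface "mgmt"): the web GUI (http/https) is reachable
# on the administrative interface, so the vulnerable password-change path is exposed.
config system interface
    edit "mgmt"
        set allowaccess ping https http ssh
    next
end

# Workaround: remove http and https from allowaccess on every administrative
# interface, keeping SSH (and ping) for management until the fixed build is installed.
config system interface
    edit "mgmt"
        set allowaccess ping ssh
    next
end

# Check: the http and https keywords must no longer appear for any admin interface.
show system interface mgmt
```

Repeat the change for each interface that carries administrative access; the GUI can be re-enabled after upgrading to a fixed version.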
FortiSwitch is a range of high-performance, secure Ethernet switches designed to integrate closely with Fortinet's Security Fabric, particularly with FortiGate firewalls. It is used primarily in enterprise environments, which makes it a highly sought-after target. Firewalls, switches, and hubs are attractive entry points into the wider target network and the larger goals behind it.