Fortinet Advises Immediate FortiSwitch Updates to Fix Major Admin Password Vulnerability

Learn about the critical security flaw in FortiSwitch that Fortinet recently addressed. Discover the impact, how to protect your systems, and why immediate updates are necessary.

TL;DR

Fortinet has issued security updates for a critical vulnerability in FortiSwitch that can allow unauthorized password changes. This flaw, tracked as CVE-2024-48887, poses significant risks with a CVSS score of 9.3. Immediate updates are advised to mitigate potential threats.

Critical Security Update for FortiSwitch Users

Fortinet has released essential security updates to address a critical flaw in FortiSwitch that could allow attackers to change administrator passwords without authorization. This vulnerability, identified as CVE-2024-48887, carries a CVSS score of 9.3 out of 10, indicating its severe nature.[1]

Understanding the Vulnerability

The flaw, classified as an unverified password change vulnerability [CWE-620], affects the FortiSwitch GUI. It enables remote, unauthenticated attackers to modify administrator passwords, potentially leading to unauthorized access to and control over the device.

Key Points:

  • Vulnerability ID: CVE-2024-48887
  • CVSS Score: 9.3
  • Impact: Allows unauthorized password changes
  • Affected Component: FortiSwitch GUI
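To make the CWE-620 weakness class concrete, the following added example (not Fortinet's code, and not a reconstruction of the FortiSwitch GUI flaw, whose internals the advisory does not describe) places a password-change handler that verifies nothing beside one that checks a valid session, the session's identity, and the current password before writing a new hash. The credential store, session store, account name and passwords are constructed for the example.

```python
"""Constructed illustration of CWE-620 (unverified password change).

Neither handler is FortiSwitch code; the classes, names and credentials
below are assumptions made for this example only.
"""
import hashlib
import hmac
import os
import secrets


class CredentialStore:
    """Minimal in-memory store holding salted PBKDF2 hashes (assumed design)."""

    def __init__(self):
        self._records = {}  # username -> (salt, hash)

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._records[username] = (salt, self._hash(password, salt))

    def verify(self, username: str, password: str) -> bool:
        record = self._records.get(username)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._hash(password, salt))


class SessionStore:
    """Maps bearer tokens to authenticated usernames (assumed design)."""

    def __init__(self):
        self._sessions = {}  # token -> username

    def login(self, store: CredentialStore, username: str, password: str):
        if not store.verify(username, password):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token

    def user_for(self, token: str):
        return self._sessions.get(token)

    def revoke_all_for(self, username: str) -> None:
        for tok in [t for t, u in self._sessions.items() if u == username]:
            del self._sessions[tok]


def change_password_vulnerable(store: CredentialStore, username: str, new_password: str) -> bool:
    """CWE-620 pattern: the handler trusts the request and verifies nothing.

    Any client that can reach this code path resets the named account.
    """
    store.set_password(username, new_password)
    return True


def change_password_hardened(store, sessions, token, username, current_password, new_password):
    """Returns (ok, reason). Each check is part of an assumed sane design."""
    actor = sessions.user_for(token)
    if actor is None:
        return False, "no valid session"
    if actor != username:
        return False, "session user does not match target account"
    if not store.verify(username, current_password):
        return False, "current password incorrect"
    if len(new_password) < 12:
        return False, "new password too short"
    store.set_password(username, new_password)
    sessions.revoke_all_for(username)  # force re-authentication everywhere
    return True, "password changed"


def demo() -> dict:
    """Runs both handlers against a constructed admin account; returns the outcomes."""
    vuln_store = CredentialStore()
    vuln_store.set_password("admin", "Correct-Horse-Battery-1")
    change_password_vulnerable(vuln_store, "admin", "reset-without-auth")
    vulnerable_takeover = vuln_store.verify("admin", "reset-without-auth")

    store = CredentialStore()
    sessions = SessionStore()
    store.set_password("admin", "Correct-Horse-Battery-1")
    no_session = change_password_hardened(store, sessions, "bogus-token", "admin", "x", "Replacement-Pass-2")
    token = sessions.login(store, "admin", "Correct-Horse-Battery-1")
    wrong_current = change_password_hardened(store, sessions, token, "admin", "wrong", "Replacement-Pass-2")
    ok = change_password_hardened(store, sessions, token, "admin", "Correct-Horse-Battery-1", "Replacement-Pass-2")
    return {
        "vulnerable_takeover": vulnerable_takeover,   # True: no check stopped the reset
        "no_session": no_session[0],                  # False
        "wrong_current": wrong_current[0],            # False
        "ok": ok[0],                                  # True
        "old_session_revoked": sessions.user_for(token) is None,  # True
        "new_password_works": store.verify("admin", "Replacement-Pass-2"),  # True
    }


if __name__ == "__main__":
    print(demo())
```

The hardened handler also revokes the account's existing sessions after a successful change, so a password reset cannot be used to quietly keep an older session alive; that step is an assumption about good practice, not something the advisory states about FortiSwitch.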

Mitigation Steps

Fortinet strongly recommends that all users apply the latest security updates to their FortiSwitch devices immediately. This proactive measure is crucial for safeguarding network integrity and preventing potential security breaches. For detailed instructions and additional resources, refer to Fortinet’s official advisory.

Conclusion

The CVE-2024-48887 vulnerability in FortiSwitch underscores the importance of timely updates and vigilant network security practices. By addressing this flaw promptly, organizations can protect their networks from unauthorized access and ensure the continued reliability of their FortiSwitch devices.

References

  1. The Hacker News (2025, April 8). "Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw". Retrieved 2025-04-08.

This post is licensed under CC BY 4.0 by the author.