Fortinet has issued an urgent security advisory addressing a critical vulnerability (CVE-2024-48887) in FortiSwitch network devices that could allow unauthorized attackers to modify administrative passwords remotely. The vulnerability, scoring a critical 9.3 on the CVSS scale, represents a significant security risk for organizations using affected FortiSwitch devices.
Understanding the Critical Vulnerability
The security flaw, discovered by FortiSwitch web interface developer Daniel Rosebaum, enables attackers to exploit the device’s password management functionality through its graphical interface. What makes this vulnerability particularly dangerous is that it requires no authentication or user interaction to execute, allowing attackers to gain administrative access by sending specially crafted requests to the set_password function.
Affected Systems and Available Patches
The vulnerability impacts FortiSwitch devices running firmware versions 6.4.0 through 7.6.0. Fortinet has released security patches in the following firmware versions to address this critical issue:
– Version 6.4.15
– Version 7.0.11
– Version 7.2.9
– Version 7.4.5
– Version 7.6.1
Immediate Risk Mitigation Strategies
For organizations unable to implement immediate patches, Fortinet recommends implementing these crucial security measures:
1. Disable HTTP/HTTPS access to the administrative interface
2. Implement strict access control by limiting device accessibility to trusted IP addresses only
Additional Security Updates
The security update also addresses several other vulnerabilities across Fortinet’s product line, including:
– Command injection vulnerability in FortiIsolator (CVE-2024-54024)
– Man-in-the-middle attack vulnerabilities affecting FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice, and FortiWeb (CVE-2024-26013 and CVE-2024-50565)
According to security research platform Censys, approximately 864 potentially vulnerable FortiSwitch devices are currently exposed to the internet. Given the critical nature of this vulnerability and its potential impact on network security, organizations should prioritize the implementation of available security patches or recommended mitigation measures to protect their network infrastructure from unauthorized access and potential breaches.
