​FortiNet Addresses Critical FortiSwitch Vulnerability

Fortinet recently released patches for a critical security vulnerability in its FortiSwitch devices, it was discovered internally and identified as CVE-2024-48887. This flaw allows attackers to create bogus web requests that invoke the device to change its administrator password.

Vulnerability Details

The vulnerability stems from the FortiSwitch GUI's set_password endpoint, attackers can send an unverified web request to the endpoint  to change the administrator password. Exploiting this flaw does not require the attacker have any access to the device, remote or otherwise. This makes it a critical vulnerability for companies using FortiSwitch devices.

Affected Versions and Patching Recommendations

Fortinet advised customers to patch this vulnerability by updating to the following firmware versions:​

FortiSwitch 7.6.0: Upgrade to version 7.6.1 or later.​
FortiSwitch 7.4.0 through 7.4.4: Upgrade to version 7.4.5 or later.​
FortiSwitch 7.2.0 through 7.2.8: Upgrade to version 7.2.9 or later.​
FortiSwitch 7.0.0 through 7.0.10: Upgrade to version 7.0.11 or later.​
FortiSwitch 6.4.0 through 6.4.14: Upgrade to version 6.4.15 or later.​

Update your FortiSwitch devices to the latest firmware versions as soon as possible to mitigate this security risk. Fortinet recommends disabling the remote admin interface on FortiSwitch devices unless it is absolutely needed.

Recent Fortinet Vulnerabilities

This disclosure follows another vulnerability that was disclosed in February 2024 which affected FortiOS and FortiProxy systems. Though exploited in 2022 the vulnerability was only disclosed in 2024. This vulnerability allowed attackers bypass authentication and obtain super-admin privileges. Fortinet released patches to address this issue, but some 15,000 devices had their configurations leaked.  

Recommendations for Fortinet Users

To ensure the security of Fortinet devices:

• Regularly Update Firmware: Always keep Fortinet devices updated with the latest firmware releases to protect against known vulnerabilities.​
• Monitor Official Advisories: Stay informed by regularly checking Fortinet's official security advisories and subscribing to relevant cybersecurity alert services.​
  
• Implement Robust Security Practices: Beyond patching, adopt comprehensive security measures, including strong access controls, network segmentation, and continuous monitoring for suspicious activities.​

By proactively managing device security and staying informed about potential vulnerabilities, organizations can better protect their networks from emerging threats.

Conclusion 

The recent vulnerabilities in Fortinet products, particularly CVE-2024-48887 in FortiSwitch devices, highlight the critical importance of proactive cybersecurity measures. Organizations must prioritize timely firmware updates and adhere to best security practices to safeguard their networks against potential exploits. If your company is concered about potential threats, visit our "Contact Us" page. With our vCISO services we can provide continous network monitoring for your company as well as a plethora of other services. Staying vigilant and responsive to security advisories ensures the integrity and resilience of network infrastructures.