Fortinet, a global leader in cybersecurity solutions, has issued an urgent warning to all users of its FortiSwitch products. The company has identified a critical security vulnerability that could allow remote attackers to change administrative passwords without authentication.
The flaw is being tracked as CVE-2024-48887 and has been assigned a CVSS severity score of 9.3 out of 10, marking it as a high-risk threat. Fortinet has released patches to fix the issue and is strongly advising all users to upgrade their devices immediately to the latest secure versions.
What is CVE-2024-48887?
The newly discovered vulnerability is described as an unverified password change flaw (classified under CWE-620). It resides in the Graphical User Interface (GUI) of FortiSwitch devices and could allow a remote, unauthenticated attacker to change the administrative password by sending a specially crafted request.
In simpler terms, someone on the internet with no login access could potentially gain control of FortiSwitch devices by resetting the admin password remotely. This would give them full administrative control, allowing for further attacks or data breaches.
Fortinet said in its security advisory:
“An unverified password change vulnerability in FortiSwitch GUI may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request.”
Affected FortiSwitch Versions
The vulnerability impacts multiple versions of the FortiSwitch firmware. Below is a list of the affected versions and the recommended upgrades:
FortiSwitch 7.6.0 → Upgrade to 7.6.1 or later
FortiSwitch 7.4.0 to 7.4.4 → Upgrade to 7.4.5 or later
FortiSwitch 7.2.0 to 7.2.8 → Upgrade to 7.2.9 or later
FortiSwitch 7.0.0 to 7.0.10 → Upgrade to 7.0.11 or later
FortiSwitch 6.4.0 to 6.4.14 → Upgrade to 6.4.15 or later
Users are urged to check their current firmware version and update immediately to a secure release to prevent potential exploitation.
Discovered Internally – But Don’t Wait
The vulnerability was discovered internally by Daniel Rozeboom, a developer on the FortiSwitch Web UI team. Fortinet deserves credit for proactively identifying and addressing the flaw before it was exploited in the wild.
At this time, there is no public evidence that the vulnerability has been used in real-world attacks. However, given the nature of the flaw and the history of Fortinet devices being targeted by cybercriminals, the risk remains high.
In the past, attackers have successfully exploited vulnerabilities in Fortinet products to gain unauthorized access to corporate networks, steal data, and deploy ransomware. This makes patching security flaws as soon as possible a critical security practice.
Workarounds for FortiSwitch Vulnerability
For users who may not be able to upgrade immediately, Fortinet has suggested some temporary workarounds to reduce exposure:
Disable HTTP and HTTPS access on administrative interfaces
Restrict access to the FortiSwitch device from only trusted IP addresses or hosts
While these steps can reduce the risk of exploitation, they are not permanent fixes. Users are still encouraged to install the official firmware updates as soon as possible.
Why This Patch Is Critical
Although no exploitation has been observed yet, attackers often act quickly once vulnerabilities are made public. The window of opportunity for cybercriminals to take advantage of unpatched systems can be short.
This is especially concerning for enterprise networks and data centers, where FortiSwitch devices are commonly deployed to manage network traffic. A compromised switch could be used as a stepping stone to infiltrate deeper into a corporate network.
Fortinet’s prompt disclosure and patch release help mitigate this risk, but only if users take action.
Final Thoughts
If you or your organization uses FortiSwitch devices, the most important thing you can do right now is to verify your firmware version and install the latest security updates provided by Fortinet.
Cybersecurity threats are constantly evolving, and device manufacturers like Fortinet play a key role in safeguarding digital infrastructure. However, the responsibility to apply patches and updates lies with users and administrators.
By staying up to date with security patches and following best practices like limiting administrative access, organizations can significantly reduce their risk of being targeted by cyber attackers.
Key Takeaways:
Vulnerability: CVE-2024-48887 affects FortiSwitch GUI, allowing unauthorized password changes.
Severity: Rated 9.3 (Critical) on the CVSS scale.
Action Required: Update FortiSwitch firmware immediately to the latest versions.
Workaround (if patching is delayed): Disable HTTP/HTTPS access and restrict access to trusted IPs.
Risk Level: High, especially given Fortinet’s history of being targeted by advanced threat actors.
Stay safe by patching early, auditing your access controls, and keeping your cybersecurity hygiene up to date.
Follow us on 
(Twitter) for real time updates and exclusive content.
Interesting Article : Google Fixes Two Actively Exploited Android Bugs in April 2025 Update