Fortinet Issues Urgent Patch for Critical FortiSwitch Vulnerability Allowing Remote Admin Password Changes

Fortinet Fixes Critical Flaw in FortiSwitch That Puts Admin Access at Risk

Cybersecurity giant Fortinet has issued a critical security patch addressing a newly discovered vulnerability that could allow attackers to remotely change administrator passwords on FortiSwitch devices. The flaw, identified as CVE-2024-48887, was found by Daniel Rozeboom from Fortinet’s own FortiSwitch Web UI development team. It has received a severity rating of 9.8 out of 10, indicating its serious nature and potential impact.

The vulnerability resides in the FortiSwitch web GUI, specifically within the set_password endpoint, and can be exploited by unauthenticated attackers. It doesn’t require user interaction and is considered low complexity—making it dangerously easy to execute.

To mitigate the threat, Fortinet has released patched versions for multiple branches of FortiSwitch, ranging from version 6.4.0 up to 7.6.0. Customers are urged to upgrade to the most recent secure versions immediately. For those unable to apply updates right away, Fortinet has provided a temporary workaround: disable HTTP/HTTPS access from administrative interfaces and restrict device access to trusted hosts only.

The release also accompanies fixes for several other vulnerabilities across Fortinet’s product line, including FortiIsolator, FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice, and FortiWeb—some of which could allow man-in-the-middle attacks or OS command injections.

Fortinet vulnerabilities have a history of being actively exploited in the wild. In recent months, attackers have taken advantage of zero-day bugs in Fortinet’s FortiClient VPN and FortiManager software, some of which were used to breach over 50 servers and steal credentials.

What Undercode Say:

The recent disclosure of CVE-2024-48887 is a powerful reminder of how a single vulnerability can threaten entire network infrastructures. The fact that this flaw allows attackers to change admin passwords without authentication is particularly concerning—this bypasses one of the most fundamental security barriers and leaves entire organizations exposed to unauthorized access.

FortiSwitch devices are commonly deployed in enterprise environments where they handle significant volumes of network traffic. If compromised, these devices could be weaponized for lateral movement within networks, data exfiltration, or the launch of further attacks. The attack’s low complexity and lack of need for user interaction make it a prime candidate for exploitation by both opportunistic attackers and well-funded APT groups.

Historically, Fortinet’s vulnerabilities have been highly attractive to attackers, especially state-sponsored groups. The DeepData toolkit used by Chinese hackers to exploit an unpatched FortiClient VPN flaw late last year demonstrates how quickly these vulnerabilities are weaponized. That attack occurred before the CVE was even assigned, underscoring how vital it is for organizations to stay ahead of patch cycles.

The guidance to disable HTTP/HTTPS admin access on FortiSwitch might be inconvenient but is a critical temporary measure. Restricting access only to known, trusted hosts can significantly reduce exposure until patches can be applied. However, these should be treated as emergency stop-gaps—not long-term fixes.

Another major concern is that CVE-2024-48887 is not isolated. It’s part of a worrying trend where multiple Fortinet products have been found vulnerable, some even exploited in zero-day attacks months before patches become available. Examples like CVE-2024-47575 (FortiJump), which enabled breaches on over 50 servers, highlight the value attackers see in Fortinet’s ecosystem.

The widespread reliance on Fortinet products makes them a high-priority target, and cybersecurity teams must monitor threat intelligence closely. Beyond immediate patching, organizations should audit Fortinet device configurations, monitor logs for suspicious activity tied to password changes, and enforce strict segmentation around FortiSwitch devices.

Proactive security hygiene—combined with swift patching and access controls—is essential. Waiting for another zero-day to hit could be catastrophic, especially when critical infrastructure or high-value data is involved.

In light of all this, Fortinet users need to stay vigilant, ensuring patches are applied immediately and monitoring for signs of compromise in their environment. With attackers now favoring low-complexity, high-impact exploits, even a single oversight could lead to serious consequences.

Fact Checker Results:

✅ Vulnerability Confirmed: CVE-2024-48887 is officially acknowledged by Fortinet and rated 9.8/10 in severity.
✅ Patches Released: Fixes are available for affected FortiSwitch versions; users are urged to upgrade immediately.
✅ Threat Potential High: Fortinet vulnerabilities have a proven track record of being exploited in real-world attacks.