Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
Apr 08, 2025
Network Security / Vulnerability
Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0.

"An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request," Fortinet said in an advisory released today.

The shortcoming impacts the following versions:

- FortiSwitch 7.6.0 (Upgrade to 7.6.1 or above)
- FortiSwitch 7.4.0 through 7.4.4 (Upgrade to 7.4.5 or above)
- FortiSwitch 7.2.0 through 7.2.8 (Upgrade to 7.2.9 or above)
- FortiSwitch 7.0.0 through 7.0.10 (Upgrade to 7.0.11 or above)
- FortiSwitch 6.4.0 through 6.4.14 (Upgrade to 6.4.15 or above)

The network security company said the security hole was internally discovered and reported by Daniel Rozeboom of the FortiSwitch web UI develo...
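For an inventory check against the affected ranges quoted above, here is an added example (not a Fortinet tool, and not code from the article): it parses FortiSwitch version strings numerically so that builds such as 7.0.10 and 6.4.14 are compared correctly, and reports the upgrade target the advisory gives for each affected branch. Hostnames and versions in the sample inventory are constructed.

```python
"""Check FortiSwitch firmware versions against the affected ranges that
Fortinet's CVE-2024-48887 advisory lists. The ranges are copied from the
advisory text; the checker itself is an added example, not a Fortinet tool."""
from typing import Optional, Tuple

# (first affected, last affected, first fixed) per branch, as given in the advisory.
AFFECTED_RANGES = [
    ("7.6.0", "7.6.0", "7.6.1"),
    ("7.4.0", "7.4.4", "7.4.5"),
    ("7.2.0", "7.2.8", "7.2.9"),
    ("7.0.0", "7.0.10", "7.0.11"),
    ("6.4.0", "6.4.14", "6.4.15"),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'v7.4.3' or '7.4.3' into (7, 4, 3) so comparison is numeric, not lexical
    (a string compare would wrongly order '7.0.10' before '7.0.2')."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiSwitch version string: {text!r}")
    return tuple(int(p) for p in parts)


def check_cve_2024_48887(version: str) -> Tuple[bool, Optional[str]]:
    """Return (is_affected, recommended_upgrade). Versions outside every listed
    branch (e.g. a 6.2.x build) return (False, None): the advisory text says
    nothing about them, so the checker does not guess."""
    v = parse_version(version)
    for first, last, fixed in AFFECTED_RANGES:
        if parse_version(first) <= v <= parse_version(last):
            return True, fixed
    return False, None


def triage(inventory: dict) -> dict:
    """Map hostname -> verdict for a small hostname->version inventory."""
    result = {}
    for host, ver in inventory.items():
        affected, fixed = check_cve_2024_48887(ver)
        result[host] = f"upgrade to {fixed} or above" if affected else "not listed as affected"
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"sw-core-01": "7.4.3", "sw-edge-07": "v7.0.10",
              "sw-lab-02": "7.4.5", "sw-old-01": "6.4.15"}
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```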