Critical Fortinet FortiSwitch Vulnerability Allows Password Change Without Authentication
Do Son 
Fortinet has addressed a critical vulnerability in its FortiSwitch devices that allowed remote attackers to change administrator passwords without authentication. The flaw, discovered by the developer of the FortiSwitch web interface, has been assigned the identifier CVE-2024-48887 and carries a CVSS score of 9.8.
The vulnerability stemmed from the absence of proper verification during the password change process via the FortiSwitch web interface. An attacker could craft a special request to the set_password endpoint and alter the administrator’s password without logging in or requiring any user interaction. Due to its low complexity, the exploit poses a significant risk—it can be carried out in virtually any environment where the interface is exposed.
Affected versions range from FortiSwitch 6.4.0 to 7.6.0. The issue has been patched in firmware versions 6.4.15, 7.0.11, 7.2.9, 7.4.5, and 7.6.1. For those unable to promptly apply the updates, Fortinet recommends a temporary mitigation: disabling HTTP and HTTPS access to the administrative interface and restricting device access to trusted hosts only.
The company has also resolved several other security flaws. Among them is an OS command injection vulnerability in FortiIsolator (CVE-2024-54024), as well as multiple vulnerabilities related to Man-in-the-Middle (MitM) attacks affecting FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice, and FortiWeb (CVE-2024-26013 and CVE-2024-50565). These issues could allow unauthorized actors to intercept sensitive data or execute arbitrary commands on the devices.
Fortinet remains a frequent target of cyberattacks, often involving zero-day vulnerabilities. In December 2024, Chinese threat actors deployed the DeepData toolkit to exfiltrate credentials via a zero-day in the FortiClient VPN for Windows. Another active threat, CVE-2024-47575—dubbed “FortiJump”—has been exploited since June 2024 to compromise over 50 FortiManager servers.
Since the beginning of 2025, additional zero-days—CVE-2024-55591 and CVE-2025-24472—have been identified in connection with ransomware campaigns. These incidents reinforce the notion that Fortinet products continue to attract the attention of adversaries, with newly discovered flaws quickly weaponized in live attacks.
Fortinet underscores the urgency of timely system updates and continuous monitoring of administrative interface access—particularly in an era marked by the growing prevalence of attacks leveraging previously unknown vulnerabilities.
