You are currently viewing A Flip in the FortiSwitch: FortiSwitch Users Urged to Patch Critical Security Flaw

A Flip in the FortiSwitch: FortiSwitch Users Urged to Patch Critical Security Flaw

CVE-2024-48887 is a critical vulnerability affecting the Fortinet FortiSwitch web interface, with a CVSS score of 9.8. It stems from improper access control, allowing remote attackers to change administrator passwords without authentication, potentially leading to full system compromise.

Fortinet’s FortiSwitch series delivers secure, high-performance Ethernet switching solutions that integrate seamlessly with FortiGate security appliances via FortiLink. This integration enables centralized management of security and access controls, simplifying network administration. Designed for scalability, FortiSwitches are ideal for various environments, from small businesses to large enterprises, offering advanced security features and low latency to support demanding applications.

Technical Details

Before exploring how this critical vulnerability can be exploited, it’s important to understand its root cause. The issue stems from insufficient input validation in the password change feature of the FortiSwitch GUI. This flaw allows remote attackers to craft malicious HTTP requests that reset administrative passwords without authentication. Successful exploitation could give attackers full administrative access, putting the entire network at risk. The following steps are carried out to succesfully exploit this vulnerability:

  • An attacker knowing the vulnerable password change endpoint of the FortiSwitch GUI, will craft a HTTP request targeting the endpoint, which is then transmitted over network.
  • Because proper verification is missing, FortiSwitch accepts the malicious request and updates the administrator’s password to the value provided by the attacker.
  • Once the administrator password is changed, the attacker can gain access to the FortiSwitch with elevated privileges, putting the network’s security at serious risk.

Impact

The impact of this vulnerability is highly severe. They grant attackers full system access, which could allow them to obtain or modify sensitive data. The risk is further heightened by the attack’s low complexity.

Products Affected

The vulnerability impacts FortiSwitch versions 6.4.0 through 6.4.14, 7.0.0 through 7.0.10, 7.2.0 through 7.2.8, 7.4.0 through 7.4.4 and 7.6.0  

Solution and Mitigation

Upgrade FortiSwitch to 6.4.15, 7.0.11, 7.2.9, 7.4.5, 7.6.1 or above.

If upgrading to the latest version is not possible then follow the below mentioned mitigation:

Disable HTTP/HTTPS Access from administrative interfaces

Configure trusted hosts to limit the hosts that can connect to the system:
config system admin
edit <admin_name>
set {trusthost1 | trusthost2 | trusthost3 | trusthost4 |
trusthost5 | trusthost6 | trusthost7 | trusthost8 | trusthost9
| trusthost10} <address_ipv4mask>
next
end

Instantly Fix Risks with SanerNow Patch Management

SanerNow patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. SanerNow patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.

Experience the fastest and most accurate patching software here.