Fortinet has recently addressed a critical vulnerability in its FortiSwitch products, identified as CVE-2024-48887, with a CVSS score of 9.3. This “unverified password change” flaw allows remote, unauthenticated attackers to modify administrator passwords through specially crafted requests to the FortiSwitch GUI, potentially granting unauthorized access to affected systems. Continue reading this Cybersecurity Threat Advisory to learn how to limit the impact of this flaw.
What is the threat?
Due to inadequate verification mechanisms, attackers can exploit this vulnerability by sending specially crafted requests to the set_password endpoint. This allows them to change administrator passwords without proper authentication, making this flaw particularly dangerous. This vulnerability affects the following versions:
- FortiSwitch 7.6.0 (Upgrade to 7.6.1 or above).
- FortiSwitch 7.4.0 through 7.4.4 (Upgrade to 7.4.5 or above).
- FortiSwitch 7.2.0 through 7.2.8 (Upgrade to 7.2.9 or above).
- FortiSwitch 7.0.0 through 7.0.10 (Upgrade to 7.0.11 or above).
- FortiSwitch 6.4.0 through 6.4.14 (Upgrade to 6.4.15 or above).
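The affected and fixed versions above are what an inventory check needs. The following is an added example (not Barracuda's or Fortinet's code) that parses FortiSwitch version strings and maps each device to "vulnerable", "fixed" or "unlisted-branch" using only the ranges quoted in this advisory; the version strings and hostnames in the sample inventory are constructed, and the `,build` / `v` prefix handling is an assumption about how versions are typically reported.

```python
# Added example: triage FortiSwitch firmware versions against CVE-2024-48887's
# affected ranges as listed in the advisory. Not vendor code.
from typing import Dict, List, Optional, Tuple

# (branch, first affected, last affected, first fixed) copied from the advisory.
AFFECTED_RANGES = [
    ((7, 6), (7, 6, 0), (7, 6, 0), "7.6.1"),
    ((7, 4), (7, 4, 0), (7, 4, 4), "7.4.5"),
    ((7, 2), (7, 2, 0), (7, 2, 8), "7.2.9"),
    ((7, 0), (7, 0, 0), (7, 0, 10), "7.0.11"),
    ((6, 4), (6, 4, 0), (6, 4, 14), "6.4.15"),
]


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn strings such as '7.4.3', 'v7.2.9,build0123' into a comparable tuple.

    The ',build' suffix and 'v' prefix are assumed reporting formats; anything
    that is not three dotted integers is rejected rather than guessed.
    """
    core = text.strip().lstrip("vV").split(",")[0].split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiSwitch version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def assess(version: str) -> Dict[str, Optional[str]]:
    """Classify one version. 'unlisted-branch' means the advisory says nothing
    about that release train, not that it is safe; confirm with the vendor PSIRT."""
    v = parse_version(version)
    for branch, lo, hi, fixed in AFFECTED_RANGES:
        if v[:2] == branch:
            if lo <= v <= hi:
                return {"version": version, "status": "vulnerable", "upgrade_to": fixed}
            return {"version": version, "status": "fixed", "upgrade_to": None}
    return {"version": version, "status": "unlisted-branch", "upgrade_to": None}


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (host, version, upgrade_to) for every device that still needs patching."""
    needs_patch = []
    for host, version in inventory.items():
        result = assess(version)
        if result["status"] == "vulnerable":
            needs_patch.append((host, version, result["upgrade_to"] or ""))
    return sorted(needs_patch)


# Constructed sample inventory, not real devices.
SAMPLE_INVENTORY = {
    "sw-core-01": "v7.4.3,build0123",
    "sw-core-02": "7.4.5",
    "sw-edge-07": "7.0.10",
    "sw-lab-01": "6.2.7",
}

if __name__ == "__main__":
    for host, version, fix in triage(SAMPLE_INVENTORY):
        print(f"{host}: {version} is affected, upgrade to {fix} or above")
```

Feeding the script a real inventory export is a quick way to build the upgrade list before the maintenance window; devices reported as "unlisted-branch" should be checked against the vendor advisory rather than assumed clean.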
Why is it noteworthy?
An attacker gaining administrative access can disrupt network operations, manipulate network traffic, steal sensitive data, and potentially use the compromised FortiSwitch as a pivot point to attack other systems on the network.
What is the exposure or risk?
Organizations running affected versions are vulnerable to this attack. A successful exploitation of CVE-2024-48887 can lead to:
- Unauthorized access: Attackers can gain administrative control over the FortiSwitch device.
- Lateral movement: Potential to exploit the compromised switch to access other network resources.
- Network disruption: Attackers can disrupt network connectivity and operations.
- Data breaches: Attackers can steal sensitive data from the network.
What are the recommendations?
Barracuda recommends the following actions to limit the impact of CVE-2024-48887:
- Upgrade FortiSwitch devices to the latest firmware versions.
- Disable HTTP/HTTPS access to the administrative interface of the FortiSwitch as a workaround.
- Restrict access to the FortiSwitch management interface to trusted hosts only.
- Implement network segmentation to limit the impact of a potential breach.
- Deploy proactive network monitoring tools, such as Barracuda Managed XDR Network Security, to detect unusual traffic patterns.
- Utilize multi-factor authentication (MFA) to enhance security.
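Two of the workarounds above, removing HTTP/HTTPS from the management interface and limiting administrators to trusted hosts, can be verified from a configuration export. The following is an added example (not Barracuda's or Fortinet's code) that parses a Fortinet-style `config system interface` / `config system admin` block and reports interfaces that still allow web access and admin accounts without a trusted-host restriction. The config text is constructed sample data, and the assumption that FortiSwitch uses `set allowaccess ...` and `set trusthostN ...` in this layout should be checked against a real export from your firmware version.

```python
# Added example: audit a FortiSwitch-style config export for the advisory's two
# workarounds (no HTTP/HTTPS on management interfaces, trusted hosts on admins).
# Assumes Fortinet CLI layout; the sample text below is constructed, not a real device.
from typing import Dict, List

SAMPLE_CONFIG = """\
config system interface
    edit "mgmt"
        set ip 192.0.2.10 255.255.255.0
        set allowaccess ping https ssh http
    next
    edit "internal"
        set allowaccess ping ssh
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "netops"
        set accprofile "super_admin"
        set trusthost1 192.0.2.0 255.255.255.0
    next
    edit "auditor"
        set trusthost1 0.0.0.0 0.0.0.0
    next
end
"""

WEB_PROTOCOLS = {"http", "https"}


def parse_sections(config: str) -> Dict[str, Dict[str, Dict[str, str]]]:
    """Return {section: {entry: {setting: value}}} for 'config / edit / set' blocks."""
    sections: Dict[str, Dict[str, Dict[str, str]]] = {}
    section = entry = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            section = line[len("config "):]
            sections.setdefault(section, {})
        elif line.startswith("edit ") and section is not None:
            entry = line[len("edit "):].strip('"')
            sections[section][entry] = {}
        elif line.startswith("set ") and section is not None and entry is not None:
            key, _, value = line[len("set "):].partition(" ")
            sections[section][entry][key] = value
        elif line == "next":
            entry = None
        elif line == "end":
            section = entry = None
    return sections


def has_real_trusthost(settings: Dict[str, str]) -> bool:
    """A trusthost of 0.0.0.0 0.0.0.0 matches every source, so it counts as no restriction."""
    hosts = [v for k, v in settings.items() if k.startswith("trusthost")]
    return any(not v.startswith("0.0.0.0 0.0.0.0") for v in hosts)


def audit(config: str) -> List[str]:
    """List interfaces still exposing the GUI and admins reachable from anywhere."""
    findings: List[str] = []
    cfg = parse_sections(config)
    for name, settings in cfg.get("system interface", {}).items():
        exposed = WEB_PROTOCOLS & set(settings.get("allowaccess", "").split())
        if exposed:
            findings.append(f"interface {name}: GUI reachable via {', '.join(sorted(exposed))}")
    for user, settings in cfg.get("system admin", {}).items():
        if not has_real_trusthost(settings):
            findings.append(f"admin {user}: no trusthost restriction")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Running this against each switch's export after applying the workarounds gives a repeatable check that the GUI is actually unreachable and that every administrator account is pinned to known management hosts; an empty findings list is the target state until the firmware upgrade is done.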
Reference
For more in-depth information about the recommendations, please visit the following link:
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.