
Fortinet has issued security updates to address a critical security flaw affecting FortiSwitch that could allow an attacker to make unauthorized password changes.
The flaw, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0.
“An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request,” Fortinet said in an advisory issued today.
The flaw affects the following versions:
- FortiSwitch 7.6.0 (upgrade to 7.6.1 or above)
- FortiSwitch 7.4.0 through 7.4.4 (upgrade to 7.4.5 or above)
- FortiSwitch 7.2.0 through 7.2.8 (upgrade to 7.2.9 or above)
- FortiSwitch 7.0.0 through 7.0.10 (upgrade to 7.0.11 or above)
- FortiSwitch 6.4.0 through 6.4.14 (upgrade to 6.4.15 or above)
The network security company said the vulnerability was discovered internally and reported by Daniel Rozeboom of the FortiSwitch web UI development team.
As a workaround, Fortinet recommends disabling HTTP/HTTPS access from administrative interfaces and restricting access to the system to trusted hosts only.
While there is no evidence that the vulnerability has been exploited in the wild, several security flaws in Fortinet products have been weaponized by threat actors in the past, making it essential that users move quickly to apply the patches.