A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request
The password change mechanism in FortiSwitch GUI does not verify the identity of the requester — proper authentication is missing before executing the password modification operation (CWE-620: Unverified Password Change). The attacker sends a properly crafted HTTP request to the management interface, bypassing all access control mechanisms. As a result, the administrator account password is overwritten with a value controlled by the attacker without requiring knowledge of the current password or possessing an active session.
An attacker can gain full administrative control over the FortiSwitch device, enabling modification of network configuration, disabling security measures, lateral movement within the infrastructure, and further compromise of the network environment.
Apply patches available from the manufacturer according to references (https://fortiguard.fortinet.com/psirt/FG-IR-24-435). As an interim remedial measure, it is recommended to restrict access to the FortiSwitch GUI interface exclusively to trusted IP addresses through firewall rules and to disable GUI access from untrusted networks if not strictly necessary.
Fortinet FortiSwitch — versions specified in manufacturer references (bulletin FG-IR-24-435)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fortiswitch
OSFortinet7.6.06.4.0 – 6.4.15 (bez)7.0.0 – 7.0.11 (bez)7.2.0 – 7.2.9 (bez)7.4.0 – 7.4.5 (bez)
Related vulnerabilities
Buffer Underflow w interfejsie administracyjnym Fortinet FortiOS / FortiProxy — RCE bez uwierzytelnienia
Fortinet FortiSwitch — użycie zakodowanego klucza kryptograficznego umożliwia RCE
Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D...
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x bef...
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet Fort...