Fortinet has released security updates to address a critical security flaw affecting FortiSwitch that could allow an attacker to make unauthorized password changes.
The vulnerability, tracked as CVE-2024-4887, carries a CVSS score of 9.3 out of a maximum of 10.0.
“An unverified password change vulnerability (CWE-620) in the FortiSwitch GUI may allow remote unauthorized attackers to change administrator passwords via a specially crafted request,” Fortinet noted in an advisory released today.
The flaw affects the following versions:
- FortiSwitch 7.6.0 (upgrade to 7.6.1 or above)
- FortiSwitch 7.4.0 through 7.4.4 (upgrade to 7.4.5 or above)
- FortiSwitch 7.2.0 through 7.2.8 (upgrade to 7.2.9 or above)
- FortiSwitch 7.0.0 through 7.0.10 (upgrade to 7.0.11 or above)
- FortiSwitch 6.4.0 through 6.4.14 (upgrade to 6.4.15 or above)
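A defender working through a switch inventory needs to map each running firmware version onto the affected and fixed ranges above. The script below is an added example, not Fortinet's tooling: it parses FortiSwitch version strings, classifies each one against the ranges stated in this advisory, and names the first fixed release to upgrade to. The inventory it runs over is constructed sample data; branches the advisory does not mention are reported as "not listed" rather than assumed safe.

```python
"""Classify FortiSwitch firmware versions against the advisory's affected ranges.

Added example for this article; the ranges are copied from the advisory text,
the inventory below is constructed sample data, not real devices.
"""
import re

# (branch, first affected, last affected, first fixed release) per the advisory
AFFECTED_RANGES = [
    ((7, 6), (7, 6, 0), (7, 6, 0), "7.6.1"),
    ((7, 4), (7, 4, 0), (7, 4, 4), "7.4.5"),
    ((7, 2), (7, 2, 0), (7, 2, 8), "7.2.9"),
    ((7, 0), (7, 0, 0), (7, 0, 10), "7.0.11"),
    ((6, 4), (6, 4, 0), (6, 4, 14), "6.4.15"),
]

# Accepts "7.4.3", "v7.4.3" and two-component strings such as "6.4"
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Turn a version string into a comparable (major, minor, patch) tuple."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def assess(version_text):
    """Return (status, first_fixed) for one firmware version.

    status is "vulnerable", "fixed" (same branch, at or past the fix) or
    "not listed" (a branch the advisory does not cover).
    """
    version = parse_version(version_text)
    for branch, first, last, fixed in AFFECTED_RANGES:
        if version[:2] == branch:
            if first <= version <= last:
                return ("vulnerable", fixed)
            return ("fixed", None)
    return ("not listed", None)


# Constructed sample inventory: (hostname, running FortiSwitchOS version)
SAMPLE_INVENTORY = [
    ("sw-core-01", "7.4.3"),
    ("sw-edge-02", "7.2.9"),
    ("sw-lab-03", "v6.4.14"),
    ("sw-old-04", "6.2.7"),
]


def report(inventory):
    """Assess every device and return rows of (host, version, status, fix)."""
    rows = []
    for host, version_text in inventory:
        status, fixed = assess(version_text)
        rows.append((host, version_text, status, fixed))
    return rows


if __name__ == "__main__":
    for host, version_text, status, fixed in report(SAMPLE_INVENTORY):
        action = f" -> upgrade to {fixed}" if fixed else ""
        print(f"{host:12} {version_text:8} {status}{action}")
```

Feed `report()` the output of whatever inventory source you already have (a CSV export, a NAC query) and treat every "vulnerable" row as a patch ticket; the "not listed" status is deliberately distinct from "fixed" so that unmentioned branches are checked against the vendor's own advisory rather than silently assumed clean.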
The network security company said the flaw was discovered and reported by Daniel Rosbum of the FortiSwitch web UI development team.
As a workaround, Fortinet recommends disabling HTTP/HTTPS access on administrative interfaces and restricting system access to trusted hosts only.
While there is no evidence that the vulnerability has been exploited, a number of flaws affecting Fortinet products have been weaponized by threat actors in the past, so users should move quickly to apply the patches.