{"id":23603,"date":"2025-04-15T17:15:44","date_gmt":"2025-04-15T17:15:44","guid":{"rendered":""},"modified":"2025-05-17T23:39:09","modified_gmt":"2025-05-17T23:39:09","slug":"cve-2024-48887-unverified-password-change-vulnerability-in-fortinet-fortiswitch-gui","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2024-48887-unverified-password-change-vulnerability-in-fortinet-fortiswitch-gui\/","title":{"rendered":"<strong>CVE-2024-48887: Unverified Password Change Vulnerability in Fortinet FortiSwitch GUI<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The cybersecurity world is facing a new threat in the form of a high-severity vulnerability. Identified as CVE-2024-48887, this vulnerability targets the GUI of Fortinet FortiSwitch, a widely utilized network security infrastructure product. This <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-0541-critical-remote-buffer-overflow-vulnerability-in-tenda-w9-1-0-0-7-4456\/\"  data-wpil-monitor-id=\"27081\">vulnerability could potentially allow a remote<\/a> unauthenticated attacker to alter administrator passwords at will, providing them with unauthorized access to the system. Given the severity and potential consequences of <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-5881-unauthorized-access-vulnerability-in-the-genie-company-aladdin-connect\/\"  data-wpil-monitor-id=\"33999\">unauthorized access<\/a>, understanding and mitigating this threat is of critical importance for any organization utilizing Fortinet FortiSwitch.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2024-48887<br \/>\nSeverity: Critical (9.8 CVSS score)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: System compromise, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-50930-cross-site-request-forgery-csrf-in-savignano-s-notify-leading-to-configuration-tampering-and-potential-data-leakage\/\"  data-wpil-monitor-id=\"32017\">potential data<\/a> leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-1213202976\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>Fortinet FortiSwitch | All previous versions<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploit works by taking advantage of the lack of verification during the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-4558-unverified-password-change-vulnerability-in-gpm-from-wormhole-tech\/\"  data-wpil-monitor-id=\"45435\">password change<\/a> process in the Fortinet FortiSwitch GUI. An attacker can craft a request that mimics the normal password change process, but without the need for current password verification, <a href=\"https:\/\/www.ameeba.com\/blog\/a-comprehensive-guide-to-cyber-attacks-effective-strategies-to-shield-yourself-and-your-business\/\"  data-wpil-monitor-id=\"29316\">effectively allowing the attacker<\/a> to change the admin password. With the new password, the attacker can gain unauthorized access to the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-0573-critical-vulnerability-in-totolink-lr1200gb-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"29317\">system and potentially<\/a> compromise sensitive data or cause system disruption.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-3134625972\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Below is a conceptual example of how the <a href=\"https:\/\/www.ameeba.com\/blog\/fortinet-s-fortigate-vulnerability-ssl-vpn-symlink-exploit-puts-user-access-at-risk-post-patching\/\"  data-wpil-monitor-id=\"30066\">vulnerability might be exploited<\/a> using a specially crafted HTTP request:<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/api\/v1\/change_password HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/json\n{ &quot;username&quot;: &quot;admin&quot;, &quot;new_password&quot;: &quot;attacker_password&quot; }<\/code><\/pre>\n<p>In this example, an attacker sends a POST request to the change_password endpoint, specifying the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-2775-unauthenticated-xxe-vulnerability-in-sysaid-on-prem-versions-leading-to-administrator-account-takeover\/\"  data-wpil-monitor-id=\"43838\">administrator account<\/a> (&#8220;admin&#8221;) and a new password chosen by the attacker (&#8220;attacker_password&#8221;). Because the FortiSwitch GUI doesn&#8217;t verify the current password before accepting the change, this request would effectively change the admin password, giving the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2021-47663-unauthenticated-remote-attacker-gaining-full-access-due-to-improper-json-web-tokens-implementation\/\"  data-wpil-monitor-id=\"43839\">attacker administrative access<\/a> to the system.<\/p>\n<p><strong>Recommendations for Mitigation<\/strong><\/p>\n<p>The most effective mitigation for this vulnerability is to apply the vendor-provided patch. Fortinet has released an update that fixes this issue, and users are strongly encouraged to apply this update as soon as possible. In the meantime, or if immediate patching is not possible, using a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can offer temporary mitigation. These <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-0576-critical-vulnerability-in-totolink-lr1200gb-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"29393\">systems can help identify and block potentially<\/a> malicious requests, such as those used in this exploit. However, this is only a temporary solution, and updating the system should be the priority.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The cybersecurity world is facing a new threat in the form of a high-severity vulnerability. Identified as CVE-2024-48887, this vulnerability targets the GUI of Fortinet FortiSwitch, a widely utilized network security infrastructure product. This vulnerability could potentially allow a remote unauthenticated attacker to alter administrator passwords at will, providing them with unauthorized access to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[105],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-23603","post","type-post","status-publish","format-standard","hentry","category-uncategorized","vendor-fortinet"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/23603","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=23603"}],"version-history":[{"count":9,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/23603\/revisions"}],"predecessor-version":[{"id":40638,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/23603\/revisions\/40638"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=23603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=23603"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=23603"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=23603"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=23603"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=23603"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=23603"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=23603"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=23603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}