Fortinet Advises Immediate Upgrade to Fix Critical FortiSwitch Vulnerability - #CVE-2024-4887
Fortinet has issued a critical security advisory for FortiSwitch users, urging them to update their firmware due to a severe vulnerability (CVE-2024-4887) with a CVSS score of 9.3. The flaw, discovered by Daniel Rozeboom, allows a remote attacker to change administrative passwords by sending a specially crafted request to the FortiSwitch GUI. Users are strongly advised to upgrade to patched versions, including FortiSwitch 7.6.0 and above, to mitigate the risk. If immediate patching is not possible, Fortinet recommends disabling HTTP/HTTPS access on administrative interfaces and configuring trusted hosts. This vulnerability was part of Fortinet's April 2025 Patch Tuesday release, which addressed a total of ten vulnerabilities, including two high-severity flaws (CVE-2024-26013 and CVE-2024-50565) affecting multiple Fortinet products.
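The interim workaround described above, written out as FortiSwitch CLI configuration. This is an added example, not text from Fortinet's advisory or from the article: the interface name `mgmt`, the account name `admin` and the trusted subnet are assumptions, and the exact command syntax should be checked against the FortiSwitchOS version in use.

```text
# Weak: the management interface exposes the web GUI (http/https) to anyone who can reach it.
config system interface
    edit "mgmt"
        set allowaccess ping https http ssh snmp
    next
end

# Workaround: remove http/https from the interface until patched firmware is installed.
config system interface
    edit "mgmt"
        set allowaccess ping ssh snmp
    next
end

# Restrict where the admin account may log in from (trusted hosts).
# 192.0.2.0/24 is an assumed, constructed subnet (RFC 5737 documentation range).
config system admin
    edit "admin"
        set trusthost1 192.0.2.0 255.255.255.0
    next
end
```

Trusted-host rules only narrow who can reach the GUI, so they complement the firmware upgrade rather than replace it.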