- Last update: 09/04/2025
- Affected software: Fortinet FortiSwitch GUI versions 7.6, 7.4, 7.2, 7.0, 6.4.
- Type: unverified password change
- CVE/CVSS: CVE-2024-48887, CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
https://nvd.nist.gov/vuln/detail/CVE-2024-48887
The FortiSwitch GUI is the web-based graphical user interface used to manage and configure FortiSwitch units, offering an alternative to the command-line interface (CLI) for tasks like configuring FortiLink, viewing shared ports, and managing FortiSwitch features.
On 8 April 2025, Fortinet announced a critical vulnerability in FortiSwitch GUI versions 7.6, 7.4, 7.2, 7.0 and 6.4. It is an unverified password change vulnerability: a remote attacker without any form of authentication could exploit it by sending a specially crafted request to change admin passwords.
As of April 9, 2025, there are no publicly reported incidents of CVE-2024-48887 being exploited in real-world attacks and there is no available proof-of-concept (PoC) online.
This vulnerability has a high impact on all 3 aspects of the CIA triad (Confidentiality, Integrity, Availability).
By arbitrarily changing the admin passwords, the attacker can bypass existing security controls to gain full control of the network switch. This means that the internal communications, authentication data, and sensitive systems are exposed.
If the attacker then performs lateral movement in the network, this can result in the complete compromise of the integrity and availability of the entire network infrastructure.
There is no need for valid credentials to modify the admin password, which means that anyone on the network or on any internet-exposed interfaces can exploit CVE-2024-48887 without prior access.
This vulnerability is hard to detect as it does not trigger any alarms. If the attacker wipes the logs, the detection can be delayed further.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing. The CCB recommends upgrading to versions 7.6.1 or above, 7.4.5 or above, 7.2.9 or above, 7.0.11 or above, 6.4.15 or above, as soon as possible.
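To help apply the upgrade recommendation above across a fleet, the following inventory check is an added example (not CCB or Fortinet tooling). It takes the first fixed release per branch exactly as listed in this advisory (7.6.1, 7.4.5, 7.2.9, 7.0.11, 6.4.15), parses the firmware version strings from a constructed sample inventory (hostnames and versions are made up) and reports each switch as patched, vulnerable, on a branch this advisory does not list, or unparseable, so that unlisted or malformed records are surfaced rather than silently treated as safe.

```python
# Added example, not CCB's or Fortinet's tooling: flags FortiSwitch firmware
# versions that are below the fixed release the advisory names for their branch.
import re

# First fixed release per affected branch, taken from the advisory text.
FIXED_VERSIONS = {
    (7, 6): (7, 6, 1),
    (7, 4): (7, 4, 5),
    (7, 2): (7, 2, 9),
    (7, 0): (7, 0, 11),
    (6, 4): (6, 4, 15),
}


def parse_version(text):
    """Parse 'v7.4.3' or '7.4.3' into the tuple (7, 4, 3).

    Raises ValueError for anything else so bad inventory data is not
    accidentally compared as a valid version.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """True if the version is on an affected branch and below its fixed release.

    Returns None for branches the advisory does not list, so the caller can
    report them separately instead of treating them as patched.
    """
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return None
    return v < fixed


def triage(inventory):
    """Map each (hostname, version) pair to a status string."""
    result = {}
    for host, version in inventory:
        try:
            state = is_vulnerable(version)
        except ValueError:
            result[host] = "unknown-version"
            continue
        if state is None:
            result[host] = "not-listed"
        elif state:
            fixed = FIXED_VERSIONS[parse_version(version)[:2]]
            result[host] = "VULNERABLE (upgrade to %d.%d.%d or later)" % fixed
        else:
            result[host] = "patched"
    return result


# Constructed sample inventory; hostnames and versions are invented.
SAMPLE_INVENTORY = [
    ("sw-core-01", "v7.4.4"),
    ("sw-core-02", "v7.4.5"),
    ("sw-edge-01", "7.0.11"),
    ("sw-edge-02", "6.4.14"),
    ("sw-lab-01", "7.6.0"),
    ("sw-legacy-01", "6.2.7"),
    ("sw-bad-record", "n/a"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:15} {status}")
```

The comparison is deliberately "below the first fixed release" rather than a hard-coded list of affected builds, because that is all this advisory states; for branches it does not name, the script reports "not-listed" so that the vendor's own PSIRT entry can be consulted instead of assuming the device is unaffected.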
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.