CVE-2024-48887 | THREATINT

Description

A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request

PUBLISHED Reserved 2024-10-09 | Published 2025-04-08 | Updated 2026-02-26 | Assigner fortinet

CRITICAL: 9.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C

Problem types

Escalation of privilege

Product status

Default status

unaffected

7.6.0

affected

7.4.0 (semver)

affected

7.2.0 (semver)

affected

7.0.0 (semver)

affected

6.4.0 (semver)

affected

References

fortiguard.fortinet.com/psirt/FG-IR-24-435

cve.org (CVE-2024-48887)

nvd.nist.gov (CVE-2024-48887)

Download JSON