fkie_nvd - fkie_cve-2024-48887

fkie_cve-2024-48887

Vulnerability from fkie_nvd

Published

2025-04-08 17:15

Modified

2025-07-23 16:03

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request

References

▶	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-24-435	Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortiswitch	*
fortinet	fortiswitch	*
fortinet	fortiswitch	*
fortinet	fortiswitch	*
fortinet	fortiswitch	7.6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B371109-292C-4FCC-B15E-F16EE312BB13",
              "versionEndExcluding": "6.4.15",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B11CFFF-42AB-40E5-8AA0-DCAB1364A2BD",
              "versionEndExcluding": "7.0.11",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "038A829E-84FE-4B42-AE54-A6DE066EE59C",
              "versionEndExcluding": "7.2.9",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "47E81562-F1B3-4759-B046-DC343FD7651A",
              "versionEndExcluding": "7.4.5",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortiswitch:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C81F91-69B3-4F98-9B5E-AD6C03E05638",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A  unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de cambio de contrase\u00f1a no verificada en la GUI de Fortinet FortiSwitch puede permitir que un atacante remoto no autenticado cambie las contrase\u00f1as de administrador a trav\u00e9s de una solicitud especialmente manipulada."
    }
  ],
  "id": "CVE-2024-48887",
  "lastModified": "2025-07-23T16:03:34.897",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-08T17:15:34.440",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-435"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-620"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Primary"
    }
  ]
}

CVE-2024-48887 (GCVE-0-2024-48887)

Vulnerability from cvelistv5

Published

2025-04-08 16:52

Modified

2025-04-09 04:00

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RC:C

CWE

CWE-620 - Escalation of privilege

Summary

A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request

References

►

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-24-435