Fortinet is urging FortiSwitch customers to apply a firmware update immediately to correct a critical vulnerability that a remote attacker could exploit to change administrator passwords. Daniel Rozeboom of FortiSwitch's web UI development team discovered the vulnerability, tracked as CVE-2024-4887 with a CVSS base score of 9.3.
The vulnerability lies in the FortiSwitch GUI and can be exploited remotely by sending a specially crafted request. Fortinet advises users to update to a patched version immediately to avoid exploitation. Threat actors regularly target vulnerabilities in Fortinet products, although at the time Fortinet issued the advisory there was no known attempt to exploit this vulnerability in the wild.
For customers who cannot apply the patch immediately, Fortinet recommends disabling HTTP/HTTPS access on administrative interfaces and configuring trusted hosts to restrict which hosts are allowed to connect to the device.
| Impacted Versions | Resolved Versions |
|---|---|
| FortiSwitch 7.6.0 | FortiSwitch 7.6.1 and later versions |
| FortiSwitch 7.4.0 to 7.4.4 | FortiSwitch 7.4.5 and later versions |
| FortiSwitch 7.2.0 to 7.2.8 | FortiSwitch 7.2.9 and later versions |
| FortiSwitch 7.0.0 to 7.0.10 | FortiSwitch 7.0.11 and later versions |
| FortiSwitch 6.4.0 to 6.4.14 | FortiSwitch 6.4.15 and later versions |
To keep Fortinet products HIPAA compliant, a vulnerability management program is required. This is the first vulnerability Fortinet fixed on April 2025 Patch Tuesday. Nine other vulnerabilities also need to be patched, including two high-severity vulnerabilities affecting several versions of FortiAnalyzer, FortiOS, FortiManager, FortiProxy, FortiWeb, and FortiVoice. These are tracked as CVE-2024-50565 and CVE-2024-26013, and both have a CVSS base score of 7.1.
The vulnerabilities stem from the communication channel not being restricted to its intended endpoints. An unauthenticated attacker could exploit them in a man-in-the-middle (MitM) attack: by impersonating the management device, FortiManager, or the FortiCloud server, the attacker could intercept FGFM authentication requests sent from the management device to the managed device.