CVE-2024-48887
published 2025-04-08CVE-2024-48887: A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortiswitch | — | — |
| fortinet | fortiswitch | — | — |
| fortinet | fortiswitch | >= 6.4.0 < 6.4.15 | 6.4.15 |
| fortinet | fortiswitch | 6.4.0 – 6.4.14 | — |
| fortinet | fortiswitch | >= 7.0.0 < 7.0.11 | 7.0.11 |
| fortinet | fortiswitch | 7.0.0 – 7.0.10 | — |
| fortinet | fortiswitch | >= 7.2.0 < 7.2.9 | 7.2.9 |
| fortinet | fortiswitch | 7.2.0 – 7.2.8 | — |
| fortinet | fortiswitch | >= 7.4.0 < 7.4.5 | 7.4.5 |
| fortinet | fortiswitch | 7.4.0 – 7.4.4 | — |