Fortinet Alert: Critical Flaw in FortiSwitch Lets Attackers Hijack Admin Accounts
Two critical vulnerabilities in VMware’s vCenter Server platform were recently patched by Broadcom, with the more severe of the two being CVE-2024-38812. The company notes that there is a possibility of Remote Code Execution (RCE) attacks as a result of the vulnerability.
VMware vCenter Server is a widely used application in many organizations for managing virtual machines and ESXi hosts, which makes these vulnerabilities particularly concerning.
A Look at the Vulnerability
The flaw resides within FortiSwitch’s Graphical User Interface (GUI). By sending specially crafted requests, an attacker could bypass normal authentication checks and directly change administrative passwords. This vulnerability, categorized as CWE-620 (Unverified Password Change), poses significant risk as it does not require prior access to the device.
This means that any exposed FortiSwitch management interface could be targeted remotely.
Affected FortiSwitch Versions
The affected FortiSwitch firmware versions include:
- FortiSwitch 7.6.0 → Patch to 7.6.1
- FortiSwitch 7.4.0 – 7.4.4 → Patch to 7.4.5
- FortiSwitch 7.2.0 – 7.2.8 → Patch to 7.2.9
- FortiSwitch 7.0.0 – 7.0.10 → Patch to 7.0.11
- FortiSwitch 6.4.0 – 6.4.14 → Patch to 6.4.15
Failure to update leaves devices wide open to remote attacks.
Mitigation Recommendations
For organizations unable to patch immediately, Fortinet recommends:
- Restricting GUI access to trusted IP addresses
- Disabling HTTP/HTTPS access to the switch wherever possible
- Implementing network segmentation to isolate management interfaces
- Monitoring device logs for suspicious activity
- Applying strict access control policies
Why Should Organizations Be Concerned?
This vulnerability is not theoretical — it opens a direct path for attackers to gain privileged access without traditional barriers like passwords or authentication checks.
Potential risks include:
- Complete device takeover
- Unauthorized configuration changes
- Internal network access
- Data exfiltration
- Disruption of business operations
For enterprises, government bodies, or critical infrastructure providers using FortiSwitch, the cost of ignoring this vulnerability could be severe.
Fortinet’s Advisory
Fortinet has already released patches addressing this flaw and is urging all affected users to upgrade immediately. The company’s rapid response and guidance provide organizations with a clear roadmap to safeguard their infrastructure.
Cybersecurity Takeaway
No technology is immune to vulnerabilities — even market leaders like Fortinet. However, organizations can drastically reduce their exposure by:
- Maintaining an updated asset inventory
- Implementing strict access controls
- Regularly applying vendor patches
- Monitoring security advisories
- Conducting routine vulnerability assessments