CVE-2024-48887
CRITICALDescription
A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request
Is your site exposed to CVE-2024-48887?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| fortinet | fortiswitch |
| fortinet | fortiswitch |
| fortinet | fortiswitch |
| fortinet | fortiswitch |
| fortinet | fortiswitch |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-48887? +
How severe is CVE-2024-48887? +
What products are affected by CVE-2024-48887? +
How do I check if I'm vulnerable to CVE-2024-48887? +
Related Vulnerabilities
Ibexa is a composable end-to-end DXP (Digital Experience Platform). Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the …
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker …
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's …
The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator …
The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all …
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and …