Skip to main content

Fortinet Switches: The Patch You Can't Ignore

 

Introduction

Looking online this time at the hacker news a website I like for cyber security news articles. I find them to be clear and concise. Which is where  I found this article (Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw) on a vulnerability in Fortinet switches.

The Vulnerability

A vulnerability with a 9.3 out of 10 CVSS score, the CVE can be found here (https://nvd.nist.gov/vuln/detail/CVE-2024-48887).

A 9.3 CVSS score indicates a critical vulnerability with severe risks, including unauthorized access, system compromise, and service disruptions. Immediate action is crucial for mitigation. Prompt patch management is necessary to protect infrastructure integrity and safeguard clients and stakeholders who depend on secure and reliable services.

The article identifies a vulnerability in the switches, where an attacker can alter the administrative password through a specifically crafted request.

What is being done

Fortinet have released a patch for the vulnerability the article also gives a list of the vulnerable versions of the switches GUI and which version to upgrade to.

Currently at the time of writing there has been no evidence to show that this flaw has been exploited in the wild.

My take aways from the article

I think the key takeaway from this is the critical importance for technology companies to address vulnerabilities promptly and thoroughly. When a vulnerability with a high CVSS score like 9.3 is discovered, it underscores the potential for significant risks, including unauthorized access, system compromise, and service disruptions. The release of a patch is a vital step, but its efficacy depends on timely and proper installation by users.

In the case of Fortinet switches, the article highlights how an attacker can manipulate the administrative password, making it essential for users to stay vigilant and proactive in updating their systems. The absence of evidence showing that the flaw has been exploited in the wild offers some reassurance, but it should not lead to complacency.

Furthermore, this situation serves as a reminder of the broader implications for cybersecurity practices. Technology companies must not only develop patches quickly but also communicate effectively with their users about the urgency and steps required for mitigation. Users, on the other hand, need to prioritize these updates to ensure the integrity and security of their infrastructure, which is crucial in maintaining trust among clients and stakeholders.

Labels:

Comments

Post a Comment

Popular posts from this blog

Root of the Problem: Linux Flaws That Give Attackers Admin Rights

 I realised that I haven’t posted to my blog in a long time and this week an article about CVE’s in linux caught my eye and that was the perfect excuse to write another blog post. Cybersecurity researchers at Qualys have uncovered two critical local privilege escalation (LPE) flaws that are shaking the foundations of Linux security. These aren't your run-of-the-mill vulnerabilities; we're talking about direct, express lanes to full root access on major Linux distributions. If you use Ubuntu, Debian, Fedora, openSUSE Leap 15, or SUSE Linux Enterprise 15, you need to pay close attention. The Double Threat: CVE-2025-6018 & CVE-2025-6019 An article detailing the CVE’s can be found at the link below ( CVE-2025-6018 and CVE-2025-6019 Vulnerability Exploitation: Chaining Local Privilege Escalation Flaws Lets Attackers Gain Root Access on Most Linux Distributions | SOC Prime )     Qualys has pulled back the curtain on two distinct, yet chainable, vulnerabilit...
Post a Comment
Read more

From OVA to Rocky: My Wazuh Upgrade Story

  In this blog post I will be covering something I’ve covered in a previous blog post, but I’ve decided to change my home lab and put my Wazuh SIEM on a standalone rocky linux, there are several reasons I chose to do this, Performance & Scalability: The OVA VM is a pre-built virtual machine that may not be optimized for high availability or scalability. A dedicated instance on Rocky Linux allows for better resource allocation and tuning. Customization & Flexibility: The OVA VM comes with predefined configurations. Running Wazuh on Rocky Linux gives you full control over system settings, security policies, and software updates. Compatibility & Stability: Rocky Linux is a stable, enterprise-grade OS, and Wazuh has been tested for compatibility with newer versions like Rocky Linux 9.3. This ensures long-term support and reliability. Security & Isolation: A dedicated instance provides better security isolation compared to a shared virtualized environment. You can impl...
Post a Comment
Read more

Up the Wazuh: A SIEM-ple Adventure in Troubleshooting

Initial setup To start  I downloaded the .osa file from the  wazuh website ( https://wazuh.com ) and then installed it in my virtualbox hypervisor. Then I booted up my fedora linux VM and the wazuh VM with the dashboard and manager on.  After I had logged in to the wazuh VM with the default credentials I used the ip a command to find out the ip address of the wazuh VM. As from reading the documentation I’d need this later. In my fedora VM I opened a terminal and used the commands on the wazuh website to install the agent on the VM. After some time the installation was completed and I had to update the. conf file with the IP address of the wazuh manager. This is important because  the file is a generic file that needs to be modified to make it specific to each individual setup.  All was going well up to this point. I tried to get the fedora VM to talk to the wazuh VM. The problems I encountered It was here the problems started when I tried to pi...
Post a Comment
Read more