Fortinet has announced a critical vulnerability surrounding FortiSwitch Firmware. The vulnerability is related to the switch's password change function. An unauthenticated attacker with access to the GUI could modify passwords via specially crafted requests.
Fortinet rates this vulnerability as HIGH.
SCOPE
Per Fortinet’s Security Advisory, the FortiSwitch versions that are affected include:
COURSE OF ACTION
Fortinet has released a security update to remediate affected systems. For clients with SE Platform, our team is proactively patching these vulnerabilities and will contact you with details about remediation scheduling. If you have urgent questions about this Security Alert, please contact your account manager.
For all other clients, we recommend that you have your affected systems patched immediately. If you would like our assistance with patching, please contact Systems Engineering Customer Service at 207.772.4199 to open a ticket and have your system updated.
