Fortinet has announced a critical vulnerability affecting FortiSwitch firmware. The vulnerability is related to the switch's password change function. An unauthenticated attacker with access to the GUI could modify passwords via specially crafted requests.
Per Fortinet’s Security Advisory, the FortiSwitch versions that are affected include:
Fortinet has released a security update to remediate affected systems. For clients with SE Platform, our team is proactively patching this vulnerability and will contact you with details about remediation scheduling. If you have urgent questions about this Security Alert, please contact your account manager.
For all other clients, we recommend that you have your affected systems patched immediately. If you would like our assistance with patching, please contact Systems Engineering Customer Service at 207.772.4199 to open a ticket and have your system updated.