This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Critical flaw in Fortinet FortiSwitch GUI allowing **unauthenticated password changes**. <br>π₯ **Consequences**: Admin credentials can be hijacked instantly.β¦
π **Root Cause**: **CWE-620** (Unverified Password Change). <br>β οΈ **Flaw**: The `/change_pass` endpoint lacks authentication checks. No verification of current password or user identity required to set a new one.
Q3Who is affected? (Versions/Components)
π’ **Affected**: **Fortinet FortiSwitch** devices. <br>π¦ **Component**: The web-based management GUI interface. <br>π **Note**: Data indicates publication date 2025-04-08, suggesting recent or future disclosure context.
π **Self-Check**: <br>1. Scan for open FortiSwitch GUI ports. <br>2. Test `/change_pass` endpoint with a POST request (using PoC). <br>3. Check if password changes without verifying old credentials.β¦
π οΈ **Patch Status**: **No Official Patch Yet**. <br>π **Reference**: FortiGuard PSIRT FG-IR-24-435 exists, but data states "No official patch yet". <br>β³ **Action**: Monitor Fortinet support for updates immediately.
Q9What if no patch? (Workaround)
π§ **Workaround**: <br>1. **Block Access**: Restrict GUI access via Firewall/ACLs to trusted IPs only. <br>2. **Disable GUI**: If possible, disable web management and use CLI with strong auth. <br>3.β¦