On April 8th, 2025, Fortinet disclosed an extremely critical vulnerability in their FortiSwitch product line — and it’s a nasty one.

CVE-2024-48887, rated 9.8/10 on the CVSS scale, allows unauthenticated attackers to remotely change admin passwords via the FortiSwitch GUI — without any credentials. This unverified password change vulnerability (CWE-620) impacts a wide range of firmware versions, spanning FortiSwitch 6.4.x through 7.6.0.

For security and network engineers, this isn’t just a red flag — it’s an outright siren. In large environments with hundreds or thousands of switches, manually identifying and remediating vulnerable versions is time-consuming, error-prone, and... frankly, not scalable.

🚨 The Impact

• Remote attackers can gain full administrative control

• No authentication required

• Vulnerability affects a broad range of FortiSwitch versions

• Recommended workaround: disable HTTP/HTTPS access to the GUI

• Permanent fix: upgrade to a patched version (7.6.1, 7.4.5, 7.2.9, 7.0.11, or 6.4.15)

❗ Affected Versions

VersionAffected RangeFixed In7.6.x7.6.07.6.17.4.x7.4.0 - 7.4.47.4.57.2.x7.2.0 - 7.2.87.2.97.0.x7.0.0 - 7.0.107.0.116.4.x6.4.0 - 6.4.146.4.15

✅ How rConfig Fixes This – Automatically

If you're using rConfig, here’s the good news: you’re already covered — or about to be.

We've just rolled out an automated compliance check that detects vulnerable FortiSwitch versions across your entire environment, with zero manual input required. When this new vulnerability popped up, our team jumped in immediately to create, test, and deploy a new assertion in our compliance engine.

Here’s what rConfig users can do instantly:

• Identify all vulnerable FortiSwitch devices

• Automatically verify current firmware versions

• Receive clear remediation guidance (including upgrade paths)

• Track ongoing compliance via dashboards and reports

• Run continuous scans so you’re always ahead of the next CVE

⚡ How to Fix It Fast with rConfig

If you're running rConfig, here's how to detect, respond, and remediate this vulnerability at scale.

✅ Step 1: Identify Vulnerable Devices

rConfig's compliance engine already includes an assertion to detect FortiSwitch versions affected by CVE-2024-48887. Run or schedule a compliance scan on your network to see:

• Devices running vulnerable firmware

• Associated tags (e.g. FortiSwitch, Datacenter, Edge)

• Recommended upgrade versions

🧩 Step 2: Create a rConfig Snippet to Mitigate

Until patching can be scheduled, here’s how to create a snippet that applies the CLI-based workaround.

Snippet Name: disable-fortiswitch-gui-access
Description: Disables HTTP/HTTPS access and restricts admin access to trusted IP

Modify trusthost1/2 as needed for your environment.

🚀 Step 3: Deploy Fix Using a rConfig Task

You can now deploy this snippet to:

• 🔖 Devices with a specific tag (e.g. FortiSwitch, Remote-Branch)

• 📦 An entire device category (e.g. Core Switches)

• 👤 An individual device (for targeted control)

Create a new Task in rConfig:

• Select Snippet → disable-fortiswitch-gui-access

• Choose your target devices

• Schedule or run on-demand

rConfig will bulk-deploy the fix via SSH, log the changes, and alert you to any errors — giving you full control and audit visibility over your response.

🛡️ This Is Why We Built rConfig

Staying ahead of security threats in 2025 means having real-time visibility, automation, and tools built for scale. Whether it’s a zero-day vulnerability or a known exploit with a patch, rConfig makes sure you:

• Know about it first

• Understand your exposure

• Act fast — across 100s or 1000s of devices

Patch now. Stay compliant. Stay secure.
rConfig’s on it — so you don’t have to be.

🔗 Read Fortinet’s official advisory
🔍 Want to learn more about how rConfig handles vulnerabilities like this at scale? Get in touch