An unverified password change vulnerability in the Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request.
When setting a new password for a user, the product does not require knowledge of the original password or the use of another form of authentication.
Name | Vendor | Start Version | End Version |
---|---|---|---|
FortiSwitch | Fortinet | 6.4.0 (including) | 6.4.15 (excluding) |
FortiSwitch | Fortinet | 7.0.0 (including) | 7.0.11 (excluding) |
FortiSwitch | Fortinet | 7.2.0 (including) | 7.2.9 (excluding) |
FortiSwitch | Fortinet | 7.4.0 (including) | 7.4.5 (excluding) |
FortiSwitch | Fortinet | 7.6.0 (including) | 7.6.0 (including) |