Description
An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file.
Published: 2026-03-10
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote command execution via improper access control
Action: Immediate Patch
AI Analysis

Impact

An improper access control flaw in Fortinet FortiSwitchAXFixed versions 1.0.0 through 1.0.1 allows an authenticated administrator to craft a specially designed SSH configuration file that enables execution of arbitrary system commands on the device. The weakness permits the privileged user to run commands with the full operating-system rights of the switch, potentially leading to complete compromise of the device’s operating environment.

Affected Systems

Fortinet FortiSwitchAXFixed 1.0.0 and 1.0.1 are affected. Upgrading to FortiSwitchAXFixed 1.0.2 or newer, or FortiSwitchAX-Chassis 1.0.0 or newer, removes the vulnerability.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity, while the EPSS score of less than 1% suggests a low current probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. An attacker would need legitimate administrator credentials and access to the device’s SSH configuration, but with those in hand can issue arbitrary system commands. The impact is high for any privileged operator, since use of the flaw yields full control of the switch.

Generated by OpenCVE AI on April 18, 2026 at 09:38 UTC.

Remediation

Vendor Solution

  • Upgrade to FortiSwitchAX-Chassis version 1.0.0 or above
  • Upgrade to FortiSwitchAXFixed version 1.0.2 or above

OpenCVE Recommended Actions

  • Upgrade FortiSwitchAXFixed to version 1.0.2 or newer
  • Upgrade FortiSwitchAX-Chassis to version 1.0.0 or newer
  • Restrict write access to the SSH configuration directory so that only system processes can modify it

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 10:00:00 +0000

  • Type: Title; Values Added: Improper Access Control Enabling Remote Command Execution via SSH Config on FortiSwitchAXFixed

Thu, 09 Apr 2026 21:00:00 +0000

  • Type: Weaknesses; Values Added: NVD-CWE-Other
  • Type: CPEs; Values Added: cpe:2.3:a:fortinet:fortiswitchaxfixed:*:*:*:*:*:*:*:*

Tue, 10 Mar 2026 21:15:00 +0000

  • Type: Metrics; Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 17:15:00 +0000

  • Type: Description; Values Added: An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file.
  • Type: First Time appeared; Values Added: Fortinet, Fortinet fortiswitchaxfixed
  • Type: Weaknesses; Values Added: CWE-284
  • Type: CPEs; Values Added: cpe:2.3:a:fortinet:fortiswitchaxfixed:1.0.0:*:*:*:*:*:*:*, cpe:2.3:a:fortinet:fortiswitchaxfixed:1.0.1:*:*:*:*:*:*:*
  • Type: Vendors & Products; Values Added: Fortinet, Fortinet fortiswitchaxfixed
  • Type: References; Values Added:
  • Type: Metrics; Values Added: cvssV3_1 {'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C'}

MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-03-10T20:32:47.930Z

Reserved: 2026-01-08T06:49:28.869Z

Link: CVE-2026-22628

Vulnrichment

Updated: 2026-03-10T20:30:16.838Z

NVD

Status: Analyzed

Published: 2026-03-10T18:18:12.720

Modified: 2026-04-09T20:53:56.180

Link: CVE-2026-22628

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T09:45:25Z

Weaknesses