Kaspersky warns that Cring ransomware operators are utilizing an ancient route traversal vulnerability in the FortiOS SSL VPN web portal to get access to enterprise networks.
At the start of the year 2021, the threat leads behind the Cring ransomware were seen launching multiple attacks on European industrial organizations, forcing at least a single enterprise to close a production site.
The primary vector of attack was later recognized as CVE-2018-13379, vulnerability in the FortiOS SSL VPN web portal that could help suspicious attackers to download FortiOS system files.
The attacks witnessed by Kaspersky began with test connections to the VPN Gateway in order to verify the software version on the target machines.
To Read More: Security Week