The threat intelligence report captures network IDS alerts indicating repeated GET requests to the /remote/logincheck path on Fortigate VPN devices, linked to CVE-2023-27997. This CVE corresponds to a vulnerability in Fortigate VPN that can be targeted via crafted requests to this endpoint. The observed activity is reconnaissance in nature, with no confirmed exploitation or compromise. No patch availability is confirmed in this report, and no known exploits in the wild are reported. The IP address 2001:470:1:c84::25 is associated with this scanning activity. The severity is assessed as low based on observed network behavior and absence of confirmed exploitation.

The impact is limited to reconnaissance activity detected by IDS, indicating potential probing for the Fortigate VPN vulnerability CVE-2023-27997. There is no evidence of successful exploitation or compromise in this report. No known exploits in the wild are reported. The low severity rating reflects the current absence of confirmed attacks or breaches related to this activity.

Patch status is not yet confirmed — organizations should consult the official Fortinet vendor advisory for CVE-2023-27997 to verify current remediation guidance. Since this report does not indicate patch availability, it is recommended to ensure Fortigate VPN devices are updated according to vendor recommendations. Monitoring for unusual repeated requests to /remote/logincheck and applying any vendor-provided mitigations or workarounds is advised if available.