The threat intelligence report highlights network IDS alerts capturing repeated GET requests targeting the /remote/logincheck path on Fortigate VPN devices, linked to CVE-2023-27997. This CVE corresponds to a known vulnerability in Fortigate VPN that could be exploited via crafted requests to this endpoint. The alert is classified as low severity and is primarily reconnaissance activity rather than confirmed exploitation. No affected versions or patch information are specified in this report. The source is the CIRCL OSINT Feed, and the indicator IP is 2001:470:1:c84::25.

The impact is currently limited to reconnaissance activity detected by IDS, indicating potential probing for the Fortigate VPN vulnerability CVE-2023-27997. There are no known exploits in the wild reported in this feed, and no direct evidence of successful exploitation or compromise is provided. The severity is assessed as low based on the observed network activity and lack of confirmed exploitation.

Patch status is not yet confirmed — check the official Fortinet vendor advisory for CVE-2023-27997 for current remediation guidance. Since no patch availability is indicated in this report, organizations should verify their Fortigate VPN devices are updated according to vendor recommendations. Monitoring for unusual repeated requests to /remote/logincheck and applying vendor-provided mitigations or workarounds is advised if available.