This threat intelligence report details network activity detected by KRVTZ-NET IDS on 2026-05-01, consisting of repeated GET requests targeting the /remote/logincheck endpoint of Fortigate VPN devices. These requests are associated with CVE-2023-27997, a known vulnerability in Fortigate VPN. The observed activity is consistent with reconnaissance efforts to identify vulnerable devices prior to potential exploitation. The report includes IP indicators involved in this activity but does not document any confirmed exploitation or active threat campaigns. Patch availability and remediation status are not confirmed in this report; users should consult Fortinet advisories for updates. The overall severity is low, reflecting the observation of preliminary scanning rather than active compromise.

The impact is limited to reconnaissance activity targeting Fortigate VPN infrastructure. There is no evidence of successful exploitation or active attacks related to this observation. No known exploits in the wild or ransomware campaigns are linked to this activity. The low severity rating reflects the preliminary nature of the network scanning without confirmed compromise or damage.

No specific mitigation or patch is provided by the source for this observation. Since this is reconnaissance activity without confirmed exploitation, no immediate action is mandated. Organizations using Fortigate VPN devices should ensure their systems are updated according to Fortinet advisories for CVE-2023-27997. Monitoring for suspicious login attempts and unusual network activity targeting the /remote/logincheck endpoint is recommended. Patch status is not confirmed in this report; users should verify current vendor guidance.