<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>CVE-2023-27997 — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cve-2023-27997/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata — refreshed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 13 Mar 2026 20:52:20 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cve-2023-27997/feed.xml" rel="self" type="application/rss+xml"/><item><title>KRVTZ-NET IDS Alerts Analysis: Network Scanning and Exploitation Attempts</title><link>https://feed.craftedsignal.io/briefs/2026-03-krvtz-net-ids-alerts/</link><pubDate>Fri, 13 Mar 2026 20:52:20 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-03-krvtz-net-ids-alerts/</guid><description>Multiple IDS alerts indicate potential network reconnaissance, vulnerability exploitation attempts targeting Fortigate VPN (CVE-2023-27997), and ColdFusion servers originating from various IP addresses on March 13, 2026.</description><content:encoded>&lt;p>On March 13, 2026, KRVTZ-NET IDS systems generated a series of alerts indicative of network scanning and attempted exploitation. The alerts highlight suspicious activity originating from a range of IP addresses, suggesting a widespread campaign rather than a targeted attack from a single actor. Specific alerts include repeated GET requests to &lt;code>/remote/logincheck&lt;/code>, potentially targeting the Fortigate VPN vulnerability CVE-2023-27997, as well as requests for hidden environment files and attempts…&lt;/p>
</content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>network-scanning</category><category>vulnerability-exploitation</category><category>fortigate</category><category>coldfusion</category><category>cve-2023-27997</category></item><item><title>Fortigate VPN CVE-2023-27997 Exploitation Attempt</title><link>https://feed.craftedsignal.io/briefs/2026-02-fortigate-vpn-cve-2023-27997/</link><pubDate>Sat, 28 Feb 2026 00:46:45 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-02-fortigate-vpn-cve-2023-27997/</guid><description>IDS alerts indicate a potential exploitation attempt against a Fortigate VPN server using CVE-2023-27997, characterized by repeated GET requests to the /remote/logincheck endpoint originating from a specific IPv6 address.</description><content:encoded>&lt;p>On February 28, 2026, network intrusion detection systems (IDS) flagged suspicious activity indicative of a potential exploit targeting Fortigate VPN servers. The activity involves a series of repeated GET requests directed towards the &lt;code>/remote/logincheck&lt;/code> endpoint, a known attack vector associated with CVE-2023-27997. This vulnerability allows unauthenticated attackers to execute arbitrary code via specially crafted requests. The observed traffic originates from the IPv6 address…&lt;/p>
</content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>fortigate</category><category>vpn</category><category>cve-2023-27997</category><category>exploit</category><category>initial-access</category></item><item><title>Fortigate VPN Exploit Attempt via CVE-2023-27997 and Suspicious User-Agent</title><link>https://feed.craftedsignal.io/briefs/2026-02-fortigate-cve-2023-27997/</link><pubDate>Thu, 26 Feb 2026 07:27:12 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-02-fortigate-cve-2023-27997/</guid><description>Multiple IDS alerts indicate potential exploitation attempts against Fortigate VPN servers using CVE-2023-27997, alongside traffic from a suspicious user agent, possibly indicating reconnaissance or exploit activity.</description><content:encoded>&lt;p>On February 26, 2026, network intrusion detection systems (IDS) triggered alerts related to potential exploitation attempts targeting Fortigate VPN servers. The alerts highlight suspicious network activity originating from multiple IP addresses, specifically repeated GET requests to the &lt;code>/remote/logincheck&lt;/code> endpoint, a known vulnerability associated with CVE-2023-27997. This vulnerability could allow unauthorized access to the VPN. Additionally, an IPv4 address was observed using a suspicious…&lt;/p>
</content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>fortigate</category><category>vpn</category><category>cve-2023-27997</category><category>exploit</category><category>network</category></item></channel></rss>