Tag

Fortigate

3 briefs RSS

KRVTZ-NET IDS Alerts Analysis: Network Scanning and Exploitation Attempts

Multiple IDS alerts indicate potential network reconnaissance, vulnerability exploitation attempts targeting Fortigate VPN (CVE-2023-27997), and ColdFusion servers originating from various IP addresses on March 13, 2026.

network-scanning vulnerability-exploitation fortigate coldfusion cve-2023-27997

3r 4t 13i Mar 13, 2026

high advisory

Fortigate VPN CVE-2023-27997 Exploitation Attempt

2 rules 1 TTP 1 IOC

IDS alerts indicate a potential exploitation attempt against a Fortigate VPN server using CVE-2023-27997, characterized by repeated GET requests to the /remote/logincheck endpoint originating from a specific IPv6 address.

fortigate vpn cve-2023-27997 exploit initial-access

2r 1t 1i Feb 28, 2026

high advisory

Fortigate VPN Exploit Attempt via CVE-2023-27997 and Suspicious User-Agent

3 rules 2 TTPs 3 IOCs

Multiple IDS alerts indicate potential exploitation attempts against Fortigate VPN servers using CVE-2023-27997, alongside traffic from a suspicious user agent, possibly indicating reconnaissance or exploit activity.

fortigate vpn cve-2023-27997 exploit network

3r 2t 3i Feb 26, 2026