{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/fortigate/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["network-scanning","vulnerability-exploitation","fortigate","coldfusion","cve-2023-27997"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOn March 13, 2026, KRVTZ-NET IDS systems generated a series of alerts indicative of network scanning and attempted exploitation. The alerts highlight suspicious activity originating from a range of IP addresses, suggesting a widespread campaign rather than a targeted attack from a single actor. Specific alerts include repeated GET requests to \u003ccode\u003e/remote/logincheck\u003c/code\u003e, potentially targeting the Fortigate VPN vulnerability CVE-2023-27997, as well as requests for hidden environment files and attempts…\u003c/p\u003e\n","date_modified":"2026-03-13T20:52:20Z","date_published":"2026-03-13T20:52:20Z","id":"/briefs/2026-03-krvtz-net-ids-alerts/","summary":"Multiple IDS alerts indicate potential network reconnaissance, vulnerability exploitation attempts targeting Fortigate VPN (CVE-2023-27997), and ColdFusion servers originating from various IP addresses on March 13, 2026.","title":"KRVTZ-NET IDS Alerts Analysis: Network Scanning and Exploitation Attempts","url":"https://feed.craftedsignal.io/briefs/2026-03-krvtz-net-ids-alerts/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["fortigate","vpn","cve-2023-27997","exploit","initial-access"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOn February 28, 2026, network intrusion detection systems (IDS) flagged suspicious activity indicative of a potential exploit targeting Fortigate VPN servers. The activity involves a series of repeated GET requests directed towards the \u003ccode\u003e/remote/logincheck\u003c/code\u003e endpoint, a known attack vector associated with CVE-2023-27997. This vulnerability allows unauthenticated attackers to execute arbitrary code via specially crafted requests. The observed traffic originates from the IPv6 address…\u003c/p\u003e\n","date_modified":"2026-02-28T00:46:45Z","date_published":"2026-02-28T00:46:45Z","id":"/briefs/2026-02-fortigate-vpn-cve-2023-27997/","summary":"IDS alerts indicate a potential exploitation attempt against a Fortigate VPN server using CVE-2023-27997, characterized by repeated GET requests to the /remote/logincheck endpoint originating from a specific IPv6 address.","title":"Fortigate VPN CVE-2023-27997 Exploitation Attempt","url":"https://feed.craftedsignal.io/briefs/2026-02-fortigate-vpn-cve-2023-27997/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["fortigate","vpn","cve-2023-27997","exploit","network"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOn February 26, 2026, network intrusion detection systems (IDS) triggered alerts related to potential exploitation attempts targeting Fortigate VPN servers. The alerts highlight suspicious network activity originating from multiple IP addresses, specifically repeated GET requests to the \u003ccode\u003e/remote/logincheck\u003c/code\u003e endpoint, a known vulnerability associated with CVE-2023-27997. This vulnerability could allow unauthorized access to the VPN. Additionally, an IPv4 address was observed using a suspicious…\u003c/p\u003e\n","date_modified":"2026-02-26T07:27:12Z","date_published":"2026-02-26T07:27:12Z","id":"/briefs/2026-02-fortigate-cve-2023-27997/","summary":"Multiple IDS alerts indicate potential exploitation attempts against Fortigate VPN servers using CVE-2023-27997, alongside traffic from a suspicious user agent, possibly indicating reconnaissance or exploit activity.","title":"Fortigate VPN Exploit Attempt via CVE-2023-27997 and Suspicious User-Agent","url":"https://feed.craftedsignal.io/briefs/2026-02-fortigate-cve-2023-27997/"}],"language":"en","title":"CraftedSignal Threat Feed — Fortigate","version":"https://jsonfeed.org/version/1.1"}