The Sophos Intrusion Prevention System shields the network from known attacks by matching
network traffic against the signatures in the IPS Signature Database. These signatures are
developed to increase detection performance and reduce false alarms.
Applicable to: XGS-87, XGS-87(w), XGS-107, XGS-107(w),
XGS-116, XGS-116(w), XGS-126, XGS-126(w), XGS-136, XGS-136(w), XGS-2100, XGS-2300, XGS-3100,
XGS-3300, XGS-4300, XGS-4500, XG-86, XG-86(w), XG-106, XG-106(w), XG-115, XG-115(w), XG-125,
XG-125(w), XG-135, XG-135(w), XG-210, XG-230, XG-310, XG-330, XG-430, XG-450, SG-105, SG-105(w),
SG-115, SG-115(w), SG-125, SG-125(w), SG-135, SG-135(w), SG-210, SG-230, SG-310, SG-330, SG-430,
SG-450, SG-550, SG-650, and any virtual deployment with less than 24 GB of RAM
The table below lists the signatures included in this release.
This IPS release includes forty-one (41) signatures to address thirty (30) vulnerabilities.
Signatures are listed by name, CVE-ID, category and severity; the column meanings and the
severity scale are explained at the end of this document.
Name | CVE-ID | Category | Severity
FILE-IDENTIFY MachO x64 Little Endian file magic detected | | file-identify | 4
OS-LINUX Linux Kernel ksmbd Compounded TreeID Validation CVE-2023-52442 Information Disclosure | CVE-2023-52442 | os-linux | 2
OS-WINDOWS Microsoft IIS Cachuri TREE_HASH_TABLE CVE-2022-22025 Denial of Service (DOS) | CVE-2022-22025 | os-windows | 2
OS-WINDOWS Microsoft Windows MSHTML Platform CrackUrlFile CVE-2023-35628 Remote Code Execution | CVE-2023-35628 | os-windows | 1
OS-WINDOWS Microsoft Windows MSHTML Platform CrackUrlFile CVE-2023-35628 Remote Code Execution | CVE-2023-35628 | os-windows | 5
PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2024-1936 attack attempt | CVE-2024-24851 | protocol-scada | 1
PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2024-1937 attack attempt | CVE-2024-24946 | protocol-scada | 1
PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2024-1938 attack attempt | CVE-2024-24954 | protocol-scada | 1
PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2024-1938 attack attempt | CVE-2024-24955 | protocol-scada | 1
PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2024-1938 attack attempt | CVE-2024-24956 | protocol-scada | 1
PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2024-1938 attack attempt | CVE-2024-24957 | protocol-scada | 1
PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2024-1938 attack attempt | CVE-2024-24958 | protocol-scada | 1
PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2024-1938 attack attempt | CVE-2024-24959 | protocol-scada | 1
PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2024-1939 attack attempt | CVE-2024-24962, CVE-2024-24963 | protocol-scada | 1
PUA-OTHER CoinHive Miner client detected | | pua-other | 2
SERVER-OTHER Veeam Backup and Replication Backup FindValidSTSEndpointUrl CVE-2024-29849 Authentication Bypass | CVE-2024-29849 | server-other | 1
SERVER-OTHER Vmware Reflective Denial Of Service CVE-2023-29552 Amplification Vulnerability (DOS) | CVE-2023-29552 | server-other | 1
SERVER-WEBAPP Check Point Quantum Gateway CVE-2024-24919 Directory Traversal | CVE-2024-24919 | server-webapp | 1
SERVER-WEBAPP CyberPower PowerPanel Business Import Profile CVE-2024-33615 Directory Traversal | CVE-2024-33615 | server-webapp | 2
SERVER-WEBAPP HAProxy Set-Cookie2 Header Handling CVE-2022-0711 Denial of Service (DOS) | CVE-2022-0711 | server-webapp | 3
SERVER-WEBAPP HTTP/2 Rapid Reset Denial Of Service Vulnerability (DDOS) | CVE-2023-44487 | server-webapp | 1
SERVER-WEBAPP HTTP/2 Rapid Reset Denial Of Service Vulnerability (DDOS) | CVE-2023-44487 | server-webapp | 5
SERVER-WEBAPP Inductive Automation Ignition ExtendedDocumentCodec CVE-2023-50223 Insecure Deserialization | CVE-2023-50223 | server-webapp | 2
SERVER-WEBAPP Inductive Automation Ignition ExtendedDocumentCodec CVE-2023-50223 Insecure Deserialization | CVE-2023-50223 | server-webapp | 5
SERVER-WEBAPP Palo Alto Networks PAN-OS GlobalProtect Gateway CVE-2024-3400 Command Injection | CVE-2024-3400 | server-webapp | 1
SERVER-WEBAPP SpaceLogic C-Bus Home Controller CVE-2022-34753 Command Injection Attempt | CVE-2022-34753 | server-webapp | 2
SERVER-WEBAPP Tinyproxy HTTP Connection Headers CVE-2023-49606 Use-After-Free | CVE-2023-49606 | server-webapp | 2
SERVER-WEBAPP WordPress LearnPress Plugin handle_params_for_query_courses CVE-2023-6567 SQL Injection | CVE-2023-6567 | server-webapp | 2
SERVER-WEBAPP Zyxel CVE-2024-29973 Python Code Injection Vulnerability | CVE-2024-29973 | server-webapp | 1
SERVER-WEBAPP Zyxel CVE-2024-29976 Privilege Escalation And Information Disclosure Vulnerability | CVE-2024-29976 | server-webapp | 1
The Sophos Intrusion Prevention System shields the network from known attacks by matching
network traffic against the signatures in the IPS Signature Database. These signatures are
developed to increase detection performance and reduce false alarms.
Applicable to: XG-550, XG-650, XG-750, XGS-5500,
XGS-6500, and any virtual deployment with more than 24 GB of RAM
The table below lists the signatures included in this release.
This IPS release includes fifty-one (51) signatures to address thirty-nine (39) vulnerabilities.
Signatures are listed by name, CVE-ID, category and severity; the column meanings and the
severity scale are explained at the end of this document.
Name | CVE-ID | Category | Severity
FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1191 attack attempt | CVE-2020-13580 | file-office | 1
MALWARE-BACKDOOR Win.Trojan.delf.jwh runtime detection | | malware-backdoor | 1
MALWARE-CNC Win.Banker.Delf variant outbound connection | | malware-cnc | 1
MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection | | malware-cnc | 1
MALWARE-CNC Win.Trojan.Delf.jwh variant outbound connection | | malware-cnc | 1
MALWARE-CNC Win.Trojan.delf.phh variant outbound connection 57329.exe | | malware-cnc | 1
MALWARE-CNC Win.Trojan.delf.phh variant outbound connection file.exe | | malware-cnc | 1
MALWARE-CNC Win.Trojan.delf.phh variant outbound connection sft_ver1.1454.0.exe | | malware-cnc | 1
MALWARE-CNC Win.Trojan.delf.uv inbound connection | | malware-cnc | 1
MALWARE-CNC Win.Trojan.delf.uv variant outbound connection | | malware-cnc | 1
MALWARE-CNC Win.Trojan.Delf variant HTTP Response | | malware-cnc | 1
MALWARE-CNC Win.Trojan.Delf variant outbound connection | | malware-cnc | 1
MALWARE-CNC Win.Trojan.Downloader.Delf.RGL variant outbound connection | | malware-cnc | 1
MALWARE-CNC Win.Trojan.Downloader.Win32.Delf.tbv variant outbound connection | | malware-cnc | 1
MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Delf.aba variant outbound connection | | malware-cnc | 1
MALWARE-CNC Win.Trojan.Scar.dpvy/Parkchicers.A/Delf checkin | | malware-cnc | 1
OS-LINUX Linux Kernel ksmbd Compounded TreeID Validation CVE-2023-52442 Information Disclosure | CVE-2023-52442 | os-linux | 2
OS-WINDOWS Microsoft IIS Cachuri TREE_HASH_TABLE CVE-2022-22025 Denial of Service (DOS) | CVE-2022-22025 | os-windows | 2
OS-WINDOWS Microsoft Windows MSHTML Platform CrackUrlFile CVE-2023-35628 Remote Code Execution | CVE-2023-35628 | os-windows | 1
OS-WINDOWS Microsoft Windows MSHTML Platform CrackUrlFile CVE-2023-35628 Remote Code Execution | CVE-2023-35628 | os-windows | 5
SERVER-OTHER Veeam Backup and Replication Backup FindValidSTSEndpointUrl CVE-2024-29849 Authentication Bypass | CVE-2024-29849 | server-other | 1
SERVER-OTHER Vmware Reflective Denial Of Service CVE-2023-29552 Amplification Vulnerability (DOS) | CVE-2023-29552 | server-other | 1
SERVER-WEBAPP Check Point Quantum Gateway CVE-2024-24919 Directory Traversal | CVE-2024-24919 | server-webapp | 1
SERVER-WEBAPP CyberPower PowerPanel Business Import Profile CVE-2024-33615 Directory Traversal | CVE-2024-33615 | server-webapp | 2
SERVER-WEBAPP HAProxy Set-Cookie2 Header Handling CVE-2022-0711 Denial of Service (DOS) | CVE-2022-0711 | server-webapp | 3
SERVER-WEBAPP HSC Mailinspector CVE-2024-34470 Path Traversal Vulnerability | CVE-2024-34470 | server-webapp | 1
SERVER-WEBAPP HTTP/2 Rapid Reset Denial Of Service Vulnerability (DDOS) | CVE-2023-44487 | server-webapp | 1
SERVER-WEBAPP HTTP/2 Rapid Reset Denial Of Service Vulnerability (DDOS) | CVE-2023-44487 | server-webapp | 5
SERVER-WEBAPP Inductive Automation Ignition ExtendedDocumentCodec CVE-2023-50223 Insecure Deserialization | CVE-2023-50223 | server-webapp | 2
SERVER-WEBAPP Inductive Automation Ignition ExtendedDocumentCodec CVE-2023-50223 Insecure Deserialization | CVE-2023-50223 | server-webapp | 5
SERVER-WEBAPP Netflix Genie OSS CVE-2024-4701 Path Traversal Vulnerability | CVE-2024-4701 | server-webapp | 1
SERVER-WEBAPP Palo Alto Networks PAN-OS GlobalProtect Gateway CVE-2024-3400 Command Injection | CVE-2024-3400 | server-webapp | 1
SERVER-WEBAPP SpaceLogic C-Bus Home Controller CVE-2022-34753 Command Injection Attempt | CVE-2022-34753 | server-webapp | 2
SERVER-WEBAPP Tinyproxy HTTP Connection Headers CVE-2023-49606 Use-After-Free | CVE-2023-49606 | server-webapp | 2
SERVER-WEBAPP WordPress LearnPress Plugin handle_params_for_query_courses CVE-2023-6567 SQL Injection | CVE-2023-6567 | server-webapp | 2
SERVER-WEBAPP Zyxel CVE-2024-29972 Backdoor Account Vulnerability | CVE-2024-29972 | server-webapp | 1
SERVER-WEBAPP Zyxel CVE-2024-29973 Python Code Injection Vulnerability | CVE-2024-29973 | server-webapp | 1
SERVER-WEBAPP Zyxel CVE-2024-29974 Persistent Remote Code Execution Vulnerability | CVE-2024-29974 | server-webapp | 1
SERVER-WEBAPP Zyxel CVE-2024-29976 Privilege Escalation And Information Disclosure Vulnerability | CVE-2024-29976 | server-webapp | 1
Name: name of the signature.
CVE-ID: Common Vulnerabilities and Exposures (CVE) identifier of the publicly known
vulnerability the signature addresses. The field is blank for signatures, such as the
malware, PUA and file-identification entries above, that detect content rather than a
catalogued vulnerability.
Category: signature class type, grouped by threat.
Severity: degree of severity, using the levels described in the table below:
Severity Level | Severity Criteria
1 | Critical
2 | Major
3 | Moderate
4 | Minor
5 | Warning
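The two tables above carry different signature sets for the two appliance tiers, so an operator with mixed hardware needs to know which CVEs are only covered on the larger tier. The following Python script is an added example, not Sophos code and not part of these release notes: it parses rows in the Name | CVE-ID | Category | Severity layout used above, validates them against the 1 to 5 severity scale, and reports the coverage gap. The two embedded tables are constructed excerpts of rows copied from this page, not the full lists; the Signature record and the function names are the example's own.

```python
"""Parse Sophos IPS release-note signature tables and compare coverage
between the two appliance tiers listed on this page.

The two excerpts below are constructed from rows on this page (a subset,
not the full tables) so the script runs offline.
"""
from dataclasses import dataclass
import re

# Severity scale from the release notes' legend.
SEVERITY = {1: "Critical", 2: "Major", 3: "Moderate", 4: "Minor", 5: "Warning"}
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Excerpt of the "less than 24 GB RAM" table (constructed subset of the page's rows).
SMALL_TIER = """\
Name | CVE-ID | Category | Severity
PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2024-1939 attack attempt | CVE-2024-24962, CVE-2024-24963 | protocol-scada | 1
PUA-OTHER CoinHive Miner client detected | | pua-other | 2
SERVER-WEBAPP Check Point Quantum Gateway CVE-2024-24919 Directory Traversal | CVE-2024-24919 | server-webapp | 1
SERVER-WEBAPP HTTP/2 Rapid Reset Denial Of Service Vulnerability (DDOS) | CVE-2023-44487 | server-webapp | 1
SERVER-WEBAPP HTTP/2 Rapid Reset Denial Of Service Vulnerability (DDOS) | CVE-2023-44487 | server-webapp | 5
SERVER-WEBAPP Zyxel CVE-2024-29973 Python Code Injection Vulnerability | CVE-2024-29973 | server-webapp | 1
SERVER-WEBAPP Zyxel CVE-2024-29976 Privilege Escalation And Information Disclosure Vulnerability | CVE-2024-29976 | server-webapp | 1
"""

# Excerpt of the "more than 24 GB RAM" table (constructed subset of the page's rows).
LARGE_TIER = """\
Name | CVE-ID | Category | Severity
MALWARE-CNC Win.Trojan.Delf variant outbound connection | | malware-cnc | 1
SERVER-WEBAPP Check Point Quantum Gateway CVE-2024-24919 Directory Traversal | CVE-2024-24919 | server-webapp | 1
SERVER-WEBAPP HTTP/2 Rapid Reset Denial Of Service Vulnerability (DDOS) | CVE-2023-44487 | server-webapp | 1
SERVER-WEBAPP HTTP/2 Rapid Reset Denial Of Service Vulnerability (DDOS) | CVE-2023-44487 | server-webapp | 5
SERVER-WEBAPP Zyxel CVE-2024-29972 Backdoor Account Vulnerability | CVE-2024-29972 | server-webapp | 1
SERVER-WEBAPP Zyxel CVE-2024-29973 Python Code Injection Vulnerability | CVE-2024-29973 | server-webapp | 1
SERVER-WEBAPP Zyxel CVE-2024-29974 Persistent Remote Code Execution Vulnerability | CVE-2024-29974 | server-webapp | 1
SERVER-WEBAPP Zyxel CVE-2024-29976 Privilege Escalation And Information Disclosure Vulnerability | CVE-2024-29976 | server-webapp | 1
"""


@dataclass(frozen=True)
class Signature:
    name: str
    cves: tuple      # empty for malware/PUA/file-identify rows that carry no CVE
    category: str
    severity: int


def parse_table(text: str) -> list:
    """Parse 'Name | CVE-ID | Category | Severity' rows into Signature records.

    Rejects malformed CVE IDs and severities outside the 1..5 scale, so a
    transcription error fails loudly instead of silently dropping out of a
    coverage report. A row may list several comma-separated CVEs.
    """
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("Name |"):
            continue  # blank line or header row
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 4:
            raise ValueError(f"line {lineno}: expected 4 columns, got {len(cells)}")
        name, cve_cell, category, sev = cells
        cves = tuple(c.strip() for c in cve_cell.split(",") if c.strip())
        for cve in cves:
            if not CVE_RE.match(cve):
                raise ValueError(f"line {lineno}: bad CVE id {cve!r}")
        severity = int(sev)
        if severity not in SEVERITY:
            raise ValueError(f"line {lineno}: severity {severity} not in 1..5")
        rows.append(Signature(name, cves, category, severity))
    return rows


def cve_set(rows) -> set:
    """All CVE identifiers covered by a list of signatures."""
    return {cve for r in rows for cve in r.cves}


def coverage_gap(small, large) -> set:
    """CVEs covered only by the larger-tier release."""
    return cve_set(large) - cve_set(small)


def critical_without_cve(rows) -> list:
    """Severity-1 signatures with no CVE, which cannot be tracked by identifier."""
    return [r.name for r in rows if r.severity == 1 and not r.cves]


if __name__ == "__main__":
    small, large = parse_table(SMALL_TIER), parse_table(LARGE_TIER)
    print(f"small tier: {len(small)} rows, {len(cve_set(small))} CVEs")
    print(f"large tier: {len(large)} rows, {len(cve_set(large))} CVEs")
    for cve in sorted(coverage_gap(small, large)):
        print("only in the larger-tier release:", cve)
    for name in critical_without_cve(large):
        print("critical, no CVE:", name)
```

Run as-is, the excerpt reports CVE-2024-29972 and CVE-2024-29974 as covered only on the larger tier; paste the full tables from both sections into SMALL_TIER and LARGE_TIER to get the complete gap. Duplicate names with different severities (the two HTTP/2 Rapid Reset rows) are kept as separate records rather than collapsed, since they are distinct signatures.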
Important Notice
Sophos Technologies Pvt. Ltd. has supplied this Information believing it to be
accurate and reliable at the time of printing, but is presented without warranty
of any kind, expressed or implied. Users must take full responsibility for their
application of any products. Sophos Technologies Pvt. Ltd. assumes no
responsibility for any errors that may appear in this document. Sophos
Technologies Pvt. Ltd. reserves the right, without notice to make changes in
product design or specifications. Information is subject to change without
notice.
RESTRICTED RIGHTS
©1997 - 2025 Sophos Ltd. All rights reserved.
Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.
Corporate Headquarters
Sophos Technologies Pvt. Ltd.
Registered in England and Wales No. 2096520,
The Pentagon, Abingdon Science Park,
Abingdon, OX14 3YP, UK
Web site: www.sophos.com