The Sophos Intrusion Prevention System shields the network from known attacks by matching the
network traffic against the signatures in the IPS Signature Database. These signatures are
developed to significantly increase detection performance and reduce the false alarms.
Applicable to: XGS-87, XGS-87(w), XGS-107, XGS-107(w),
XGS-116, XGS-116(w), XGS-126, XGS-126(w), XGS-136, XGS-136(w), XGS-2100, XGS-2300, XGS-3100,
XGS-3300, XGS-4300, XGS-4500, XG-86, XG-86(w), XG-106, XG-106(w), XG-115, XG-115(w), XG-125,
XG-125(w), XG-135, XG-135(w), XG-210, XG-230, XG-310, XG-330, XG-430, XG-450, SG-105, SG-105(w),
SG-115, SG-115(w), SG-125, SG-125(w), SG-135, SG-135(w), SG-210, SG-230, SG-310, SG-330, SG-430,
SG-450, SG-550, SG-650 and any virtual deployment with RAM < 24GB
The table below provides details of the signatures included in this release.
This IPS release includes twenty-four (24) signatures to address seventeen (17) vulnerabilities.
| Name | CVE-ID | Category | Severity |
| --- | --- | --- | --- |
| BROWSER-PLUGINS Symantec Norton Antivirus ActiveX clsid access | CVE-2004-0487, CVE-2005-2127 | browser-plugins | 1 |
| FILE-OFFICE Microsoft Windows Management Console CVE-2024-43572 Remote Code Execution | CVE-2024-43572 | file-office | 2 |
| FILE-OFFICE Microsoft Windows Management Console CVE-2024-43572 Remote Code Execution | CVE-2024-43572 | file-office | 5 |
| INDICATOR-SHELLCODE ARM Linux reverse connect shell | CVE-2022-20699 | indicator-shellcode | 1 |
| OS-WINDOWS Microsoft Windows SMB Server SMB2_SIGNING_CAPABILITIES CVE-2024-43642 Denial of Service | CVE-2024-43642 | os-windows | 2 |
| SERVER-WEBAPP Cisco ASA and FTD denial of service attempt | CVE-2024-20402 | server-webapp | 1 |
| SERVER-WEBAPP Cisco Firewall Management Center command injection attempt | CVE-2024-20424 | server-webapp | 1 |
| SERVER-WEBAPP Ivanti Cloud Services Appliance tripwire CVE-2024-9380 Command Injection | CVE-2024-9380 | server-webapp | 2 |
| SERVER-WEBAPP Ivanti Connect Secure and Policy Secure OpenSSL CVE-2024-37404 CRLF Injection | CVE-2024-37404 | server-webapp | 1 |
| SERVER-WEBAPP Jenkins File Parameter Plugin CVE-2023-32986 Directory Traversal Attempt | CVE-2023-32986 | server-webapp | 2 |
| SERVER-WEBAPP Jenkins Remoting fetchJar CVE-2024-43044 Arbitrary File Read | CVE-2024-43044 | server-webapp | 2 |
| SERVER-WEBAPP OSGeo GeoServer JXPath CVE-2024-36401 Arbitrary Method Invocation | CVE-2024-36401 | server-webapp | 1 |
| SERVER-WEBAPP ProjectSend CVE-2024-11680 Unauthenticated Remote Code Execution Vulnerability | CVE-2024-11680 | server-webapp | 1 |
| SERVER-WEBAPP PTZOptics VHD PTZ Camera CVE-2024-8956 Authentication Bypass and Command Injection Attempt | CVE-2024-8956, CVE-2024-8957 | server-webapp | 1 |
| SERVER-WEBAPP Veertu Anka Build service CVE-2024-41163 Directory Traversal | CVE-2024-41163 | server-webapp | 3 |
| SERVER-WEBAPP WordPress Hash Form plugin CVE-2024-5084 Arbitrary File Upload Attempt | CVE-2024-5084 | server-webapp | 1 |
| SERVER-WEBAPP Zimbra Collaboration CVE-2024-50599 Cross-Site Scripting | CVE-2024-50599 | server-webapp | 3 |
Applicable to: XG-550, XG-650, XG-750, XGS-5500, XGS-6500 and any virtual deployment with RAM >24GB
The table below provides details of the signatures included in this release.
This IPS release includes twenty-nine (29) signatures to address twenty-two (22) vulnerabilities.
| Name | CVE-ID | Category | Severity |
| --- | --- | --- | --- |
| BROWSER-PLUGINS Symantec Norton Antivirus ActiveX clsid access | CVE-2004-0487, CVE-2005-2127 | browser-plugins | 1 |
| FILE-OFFICE Microsoft Windows Management Console CVE-2024-43572 Remote Code Execution | CVE-2024-43572 | file-office | 2 |
| FILE-OFFICE Microsoft Windows Management Console CVE-2024-43572 Remote Code Execution | CVE-2024-43572 | file-office | 5 |
| OS-WINDOWS Microsoft Windows SMB Server SMB2_SIGNING_CAPABILITIES CVE-2024-43642 Denial of Service | CVE-2024-43642 | os-windows | 2 |
| SERVER-OTHER CA CAM log_security overflow attempt | CVE-2005-2668 | server-other | 1 |
| SERVER-OTHER Progress Kemp LoadMaster read_pass CVE-2024-7591 Command Injection | CVE-2024-7591 | server-other | 2 |
| SERVER-WEBAPP Cisco ASA and FTD denial of service attempt | CVE-2024-20402 | server-webapp | 1 |
| SERVER-WEBAPP Cisco Firewall Management Center command injection attempt | CVE-2024-20424 | server-webapp | 1 |
| SERVER-WEBAPP GitLab Community and Enterprise Edition CVE-2024-45409 SAML Authentication Bypass Vulnerability | CVE-2024-45409 | server-webapp | 1 |
| SERVER-WEBAPP Ivanti Cloud Services Appliance tripwire CVE-2024-9380 Command Injection | CVE-2024-9380 | server-webapp | 2 |
| SERVER-WEBAPP Ivanti Connect Secure and Policy Secure OpenSSL CVE-2024-37404 CRLF Injection | CVE-2024-37404 | server-webapp | 1 |
| SERVER-WEBAPP Jenkins File Parameter Plugin CVE-2023-32986 Directory Traversal Attempt | CVE-2023-32986 | server-webapp | 2 |
| SERVER-WEBAPP Jenkins Remoting fetchJar CVE-2024-43044 Arbitrary File Read | CVE-2024-43044 | server-webapp | 2 |
| SERVER-WEBAPP OSGeo GeoServer JXPath CVE-2024-36401 Arbitrary Method Invocation | CVE-2024-36401 | server-webapp | 1 |
| SERVER-WEBAPP ProjectSend CVE-2024-11680 Unauthenticated Remote Code Execution Vulnerability | CVE-2024-11680 | server-webapp | 1 |
| SERVER-WEBAPP PTZOptics VHD PTZ Camera CVE-2024-8956 Authentication Bypass and Command Injection Attempt | CVE-2024-8956, CVE-2024-8957 | server-webapp | 1 |
| SERVER-WEBAPP Veertu Anka Build service CVE-2024-41163 Directory Traversal | CVE-2024-41163 | server-webapp | 3 |
| SERVER-WEBAPP WordPress Hash Form plugin CVE-2024-5084 Arbitrary File Upload Attempt | CVE-2024-5084 | server-webapp | 1 |
| SERVER-WEBAPP Zimbra Collaboration CVE-2024-50599 Cross-Site Scripting | CVE-2024-50599 | server-webapp | 3 |
| SERVER-WEBAPP Zoho ManageEngine ADAudit Plus getLockoutHistoryData CVE-2024-5467 SQL Injection | CVE-2024-5467 | server-webapp | 3 |
| SERVER-WEBAPP Zoho ManageEngine ADAudit Plus getLockoutHistoryData CVE-2024-5467 SQL Injection | CVE-2024-5467 | server-webapp | 5 |
| SERVER-WEBAPP Zoho ManageEngine Applications Manager FaultTemplateOptions.jsp resourceid CVE-2019-11469 SQL injection attempt | CVE-2019-11469 | server-webapp | 1 |
Name: Name of the signature.
CVE-ID: CVE identification number. Common Vulnerabilities and Exposures (CVE) provides reference identifiers for publicly known information security vulnerabilities.
Category: Class type according to threat.
Severity: Degree of severity. The levels of severity are described in the table below:
| Severity Level | Severity Criteria |
| --- | --- |
| 1 | Critical |
| 2 | Major |
| 3 | Moderate |
| 4 | Minor |
| 5 | Warning |
Important Notice
Sophos Technologies Pvt. Ltd. has supplied this information believing it to be
accurate and reliable at the time of printing, but it is presented without warranty
of any kind, expressed or implied. Users must take full responsibility for their
application of any products. Sophos Technologies Pvt. Ltd. assumes no
responsibility for any errors that may appear in this document. Sophos
Technologies Pvt. Ltd. reserves the right, without notice, to make changes in
product design or specifications. Information is subject to change without
notice.
RESTRICTED RIGHTS
©1997 - 2025 Sophos Ltd. All rights reserved.
Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.
Corporate Headquarters
Sophos Technologies Pvt. Ltd.
Registered in England and Wales No. 2096520,
The Pentagon, Abingdon Science Park,
Abingdon, OX14 3YP, UK
Web site: www.sophos.com