The Sophos Intrusion Prevention System shields the network from known attacks by matching
network traffic against the signatures in the IPS Signature Database. These signatures are
developed to significantly increase detection performance and reduce false alarms.
Applicable to: XGS-87, XGS-87(w), XGS-107, XGS-107(w),
XGS-116, XGS-116(w), XGS-126, XGS-126(w), XGS-136, XGS-136(w), XGS-2100, XGS-2300, XGS-3100,
XGS-3300, XGS-4300, XGS-4500, XG-86, XG-86(w), XG-106, XG-106(w), XG-115, XG-115(w), XG-125,
XG-125(w), XG-135, XG-135(w), XG-210, XG-230, XG-310, XG-330, XG-430, XG-450, SG-105, SG-105(w),
SG-115, SG-115(w), SG-125, SG-125(w), SG-135, SG-135(w), SG-210, SG-230, SG-310, SG-330, SG-430,
SG-450, SG-550, SG-650 and any virtual deployment with RAM < 24GB
The table below provides details of the signatures included in this release.
This IPS release includes twenty-one (21) signatures to address sixteen (16) vulnerabilities.
Name | CVE-ID | Category | Severity
BROWSER-PLUGINS Oracle Data Quality LoaderWizard ActiveX clsid access attempt | CVE-2015-0446 | browser-plugins | 3
FILE-IMAGE GD Graphics Library PNG Parsing CVE-2004-0941 Buffer Overflow Attempt | CVE-2004-0941 | file-image | 2
FILE-OFFICE LibreOffice EmbeddedFontsHelper CVE-2024-12425 Directory Traversal | CVE-2024-12425 | file-office | 2
FILE-OFFICE LibreOffice EmbeddedFontsHelper CVE-2024-12425 Directory Traversal | CVE-2024-12425 | file-office | 5
FILE-OFFICE Microsoft Office Outlook Express NNTP response overflow attempt | CVE-2005-1213 | file-office | 2
FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt | CVE-2014-6334 | file-office | 1
POLICY-OTHER CoinHive Miner client detected | | policy-other | 2
SERVER-OTHER Gogs DeleteRepoFile Internal CVE-2024-39931 File Deletion | CVE-2024-39931 | server-other | 3
SERVER-WEBAPP F5 BIG-IP Configuration Utility CVE-2023-46748 SQL Injection Attempt | CVE-2023-46748 | server-webapp | 2
SERVER-WEBAPP GPON Router authentication bypass and command injection attempt | CVE-2018-10562 | server-webapp | 1
SERVER-WEBAPP HPE Insight Remote Support setInputStream XML CVE-2024-11622 External Entity Injection | CVE-2024-11622 | server-webapp | 3
SERVER-WEBAPP HPE Insight Remote Support setInputStream XML CVE-2024-11622 External Entity Injection | CVE-2024-11622 | server-webapp | 5
SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt | CVE-2024-9379 | server-webapp | 2
SERVER-WEBAPP Ivanti Endpoint Manager serverkbdmouse loadMouseTable CVE-2024-32840 SQL Injection | CVE-2024-32840 | server-webapp | 1
SERVER-WEBAPP WordPress WP Shortcodes Plugin Src CVE-2025-0370 Stored Cross-Site Scripting | CVE-2025-0370 | server-webapp | 3
SERVER-WEBAPP Zyxel DSL CPE OS CVE-2024-40890 Command Injection Attempt | CVE-2024-40890 | server-webapp | 1
Applicable to: XG-550, XG-650, XG-750, XGS-5500,
XGS-6500 and any virtual deployment with RAM > 24GB
The table below provides details of Signatures included in this release.
This IPS release includes twenty-eight (28) signatures to address nineteen (19) vulnerabilities.
Name | CVE-ID | Category | Severity
BROWSER-PLUGINS Oracle Data Quality LoaderWizard ActiveX clsid access attempt | CVE-2015-0446 | browser-plugins | 3
FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected | | file-identify | 5
FILE-IMAGE GD Graphics Library PNG Parsing CVE-2004-0941 Buffer Overflow Attempt | CVE-2004-0941 | file-image | 2
FILE-OFFICE LibreOffice EmbeddedFontsHelper CVE-2024-12425 Directory Traversal | CVE-2024-12425 | file-office | 2
FILE-OFFICE LibreOffice EmbeddedFontsHelper CVE-2024-12425 Directory Traversal | CVE-2024-12425 | file-office | 5
FILE-OFFICE Microsoft Office Outlook Express NNTP response overflow attempt | CVE-2005-1213 | file-office | 2
FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt | CVE-2014-6334 | file-office | 1
OS-WINDOWS Microsoft Windows DHCP Client DhcpAssembleOptionsForParsing_New Out-Of-Bounds Read | CVE-2025-21179 | os-windows | 2
OS-WINDOWS Microsoft Windows RDL Service TLSRpcChallengeServer Handling CVE-2024-38073 Two Vulnerabilities | CVE-2024-38073 | os-windows | 2
OS-WINDOWS Microsoft Windows RDL Service TLSRpcChallengeServer Handling CVE-2024-38073 Two Vulnerabilities | CVE-2024-38073 | os-windows | 5
SERVER-OTHER Gogs DeleteRepoFile Internal CVE-2024-39931 File Deletion | CVE-2024-39931 | server-other | 3
SERVER-WEBAPP F5 BIG-IP Configuration Utility CVE-2023-46748 SQL Injection Attempt | CVE-2023-46748 | server-webapp | 2
SERVER-WEBAPP GPON Router authentication bypass and command injection attempt | CVE-2018-10562 | server-webapp | 1
SERVER-WEBAPP HPE Insight Remote Support setInputStream XML CVE-2024-11622 External Entity Injection | CVE-2024-11622 | server-webapp | 3
SERVER-WEBAPP HPE Insight Remote Support setInputStream XML CVE-2024-11622 External Entity Injection | CVE-2024-11622 | server-webapp | 5
SERVER-WEBAPP Ivanti Cloud Services Appliance SQL injection attempt | CVE-2024-9379 | server-webapp | 2
SERVER-WEBAPP Ivanti Endpoint Manager serverkbdmouse loadMouseTable CVE-2024-32840 SQL Injection | CVE-2024-32840 | server-webapp | 1
SERVER-WEBAPP WordPress WP Shortcodes Plugin Src CVE-2025-0370 Stored Cross-Site Scripting | CVE-2025-0370 | server-webapp | 3
SERVER-WEBAPP Zyxel DSL CPE OS CVE-2024-40890 Command Injection Attempt | CVE-2024-40890 | server-webapp | 1
Name: Name of the signature.
CVE-ID: CVE Identification Number. Common Vulnerabilities and Exposures (CVE) provides reference identifiers for publicly known information security vulnerabilities.
Category: Class type according to threat.
Severity: Degree of severity. The levels of severity are described in the table below:
Severity Level | Severity Criteria
1 | Critical
2 | Major
3 | Moderate
4 | Minor
5 | Warning
©1997 - 2025 Sophos Ltd. All rights reserved.