In September 2020, Sophos resolved and released a fix for a remote code execution vulnerability in the WebAdmin of SG UTM and promptly informed the SG Community to upgrade to the latest firmware which fixed this issue. Firmware Versions SG UTM v9.705 MR5, v9.607 MR7, and v9.511 MR11 or later have the necessary fix. Any versions prior to this may be vulnerable if WebAdmin is exposed to the WAN.
Last month, August 2021, Sophos sent a notification that a security researcher had published information on how to exploit this same one-year-old SG UTM vulnerability. Sophos has recently observed attackers exploiting this vulnerability on fewer than a dozen older systems.
It is critically important to:
- Upgrade the UTM firmware immediately to a more recent release that contains a fix for this vulnerability;
- Disable WAN access to Webadmin; &/or
- Alternatively, upgrade to the all-new Sophos XGS
To determine if a particular SG UTM has been affected by recent attacks on this vulnerability, please consult this knowledge base article for instructions on how to remediate the issue.
As a security best practice, it is essential to keep all network security firmware up-to-date with the latest releases to reduce the risk of an attack.