A remote code execution vulnerability in the WebAdmin of SG UTM was recently discovered and responsibly disclosed to Sophos. It was reported via the Sophos bug bounty program by an external security researcher. The vulnerability has been fixed.
The remediation prevented users from remotely executing arbitrary code. There was no evidence that the vulnerability was exploited and to our knowledge no customers are impacted.
Customers can protect themselves by ensuring their WebAdmin is not exposed to WAN.
This can be achieved by keeping Internal (LAN) (Network) or another internal-only network definition as the sole entry in Management→WebAdmin Settings→WebAdmin Access Configuration→Allowed Networks.
Internal (LAN) (Network)