Sophos: Important Notice About Keeping Your UTM Firmware Up to Date
| Over the last several months, we have seen attackers increasingly target any infrastructure that enables them to get an entry into networks. This has created a renewed emphasis on patching and keeping firmware up to date, which is why we are reaching out to you today with this important message. |
| As an example, in September 2020, we resolved and released a fix for a remote code execution vulnerability in the WebAdmin of SG UTM and promptly informed the SG Community. Last week, a security researcher published an article that provided information on how to exploit this year-old vulnerability. |
| If you are one of the many customers already running the most recent firmware on your SG UTM (v9.707), you are fully protected and do not need to take action – just be sure to continue to keep your firmware up to date. |
| If you are NOT running one of the versions with the fix for this vulnerability (SG UTM v9.705 MR5, v9.607 MR7, and v9.511 MR11) or later on your SG UTM device, this is a best-practice reminder that you need to urgently update your firmware. Full details are outlined in this security advisory. |
| It’s imperative that all your network infrastructure products be kept up to date with the latest firmware updates or patches. This is particularly important for any public-facing WAN device such as your firewall or UTM. It’s also an essential security best-practice to disable any access to administration consoles like the UTM WebAdmin from the WAN. |
