A Remote Code Execution (RCE) vulnerability in Sophos XG Firewall firmware was recently discovered and responsibly disclosed to Sophos by an external security researcher. A hotfix has already been released and automatically pushed to all affected XG Firewalls that have been enabled for automatic updates. The fix is also included in the latest maintenance release, XG version v17.5-MR9. In both of the above situations, no action is required.

If you have not enabled automatic updates, the fastest way to apply the hotfix is to turn on automatic updates which enables the fix to be applied. Alternatively, if you prefer to upgrade to version v17.5-MR9 please go to MySophos to download this maintenance release.

For details on how to verify the hotfix version applied to XG Firewall, please refer to KBA134852. A list of the latest hotfix information per XG Firewall firmware version is here in KBA 134853