KBA 135412 - What does Compromised mean in this fix

Question

What exactly does compromised mean regarding this hotfix. Does this mean that Sophos checked if Admin service and / or User Portal where allowed on the WAN port(s), or that Sophos found that the vulnerability was exploided on the XG Firewall?

This thread was automatically locked due to age.

FloSupport · Answer

Hi kerobra_retired 
 The attack affected systems configured with either the administration interface (HTTPS admin service) or the user portal exposed on the WAN zone. In addition, firewalls manually configured to expose a firewall service (e.g. SSL VPN) to the WAN zone that shares the same port as the admin or User Portal were also affected. For reference, the default configuration of XG Firewall is that all services operate on unique ports. 
 More info available in the KBA.

FloSupport · Answer

After analyzing the components and intent of the attack, Sophos published a SophosLabs Uncut article, &ldquo;Asnarok&rdquo; Trojan targets firewalls , to share its current understanding of the malware.