SNX can accept files with connection commands. If such a file contains wrong commands, SNX prints the line with unrecognized command. Since SNX runs as ROOT, an attacker can supply any file on the system and get one line of its content. If the file contains sensitive information, the attacker can get part of it.

Install this hotfix package on your Security Gateway to upgrade the SNX to a non-vulnerable version:

Security Gateway Version	Hotfix Name	CPUSE Identifier for Online Package	CPUSE Offline Package
R80.10	R80_10_SNX_update_750	Check_Point_R80_10_SNX_UPDATE_750_Bundle_T3_FULL.tgz	TGZ
R80.20	R80_20_SNX_update_584_main	Check_Point_R80_20_SNX_UPDATE_584_MAIN_Bundle_T4_FULL.tgz	TGZ
R80.20SP	R80_20SP_JHF_T310_SNX_MAIN_Bundle_T4	Check_Point_R80_20SP_JHF_T310_SNX_MAIN_Bundle_T4_FULL.tgz	TGZ
R80.30	R80_30_SNX_update_382_main	Check_Point_R80_30_SNX_UPDATE_382_MAIN_Bundle_T6_FULL.tgz	TGZ
R80.30SP	R80_30SP_JHF_T75_SNX_MAIN_Bundle_T2	Check_Point_R80_30SP_JHF_T75_SNX_MAIN_Bundle_T2_FULL.tgz	TGZ
R80.40	R80_40_SNX_update_568_main	Check_Point_R80_40_SNX_UPDATE_568_MAIN_Bundle_T3_FULL.tgz	TGZ
R81	R81_SNX_update_111_main	Check_Point_R81_SNX_UPDATE_111_MAIN_Bundle_T1_FULL.tgz	TGZ

Information for Quantum Spark Appliances:

The fix is available for 15xx models.

To upgrade the SNX Client, do one of these:

• Run this command on the appliance:

  delete ssl-network-extender

• Upgrade the firmware.

Note - The fix for 700 / 1100 / 1200R / 1400 models is planned.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.