Mobile Access Portal Agent runs predefined Native Applications. If administrator configured such application with environment variables in the path, Portal Agent may run an arbitrary application that was placed in a specially created location.
Users should install a hotfix to upgrade Portal Agent to a non-vulnerable version.
Automatic Installation
If automatic updates are enabled (see sk94508), the update is installed automatically on all relevant Check Point Mobile Access Gateways.
Note: Automatic update is distributed gradually. If your Security gateway did not receive the update yet, install it manually following the instructions below.
Manual Installation
-
Make sure your Mobile Access Gateway meets these requirements:
-
The version of the Mobile Access Portal Agent is lower than 800007042.
You can check the Mobile Access Portal Agent version in one of these ways:
-
Run this command in the Expert mode on the Mobile Access Gateway:
cat $CVPNDIR/htdocs/SNX/CSHELL/cshell_ver.txt
-
Open the applicable file in the Mobile Access Portal:
https://<IP Address of Mobile Access Gateway>/<Prefix of Mobile Access Portal>/SNX/CSHELL/cshell_ver.txt
Example output: 80,0,0070,40
-
The latest Take of AutoUpdater (see sk165653) is installed on the Mobile Access Gateway.
Note: This package cannot be installed on Scalable Platforms (Maestro and Chassis).
-
Download the hotfix package to your computer:
| Hotfix Package |
Link |
| Check_Point_ESOD_CSHELL_AUTOUPDATE_Bundle_T17_AutoUpdate.tar |
TAR |
-
Transfer the hotfix package to the Mobile Access Gateway to some directory.
-
Connect to the command line on the Mobile Access Gateway.
-
Log in to the Expert mode.
-
Install the package with this command:
autoupdatercli install /<path>/<package>
Note - The installation does not require cpstop, cpstart, or reboot. Once installed, no further action is required, and the update is immediately applied.
