Mobile Access Portal Agent runs predefined Native Applications. If administrator configured such application with environment variables in the path, Portal Agent may run an arbitrary application that was placed in a specially created location.
Users should install a hotfix to upgrade Portal Agent to a non-vulnerable version.
If automatic updates are enabled (see sk94508), the update is installed automatically on all relevant Check Point Mobile Access Gateways.
Note: Automatic update is distributed gradually. If your Security gateway did not receive the update yet, install it manually following the instructions below.
Make sure your Mobile Access Gateway meets these requirements:
The version of the Mobile Access Portal Agent is lower than 800007042.
You can check the Mobile Access Portal Agent version in one of these ways:
Run this command in the Expert mode on the Mobile Access Gateway:
Open the applicable file in the Mobile Access Portal:
https://<IP Address of Mobile Access Gateway>/<Prefix of Mobile Access Portal>/SNX/CSHELL/cshell_ver.txt
Example output: 80,0,0070,40
The latest Take of AutoUpdater (see sk165653) is installed on the Mobile Access Gateway.
Note: This package cannot be installed on Scalable Platforms (Maestro and Chassis).
Download the hotfix package to your computer:
Transfer the hotfix package to the Mobile Access Gateway to some directory.
Connect to the command line on the Mobile Access Gateway.
Log in to the Expert mode.
Install the package with this command:
autoupdatercli install /<path>/<package>
Note - The installation does not require
reboot. Once installed, no further action is required, and the update is immediately applied.