Symptoms
Cause
Mobile Access Portal Agent runs predefined Native Applications. If administrator configured such application with environment variables in the path, Portal Agent may run an arbitrary application that was placed in a specially created location.
Solution
Users should install a hotfix to upgrade Portal Agent to a non-vulnerable version.
**
Automatic Installation**
If automatic updates are enabled (see sk94508), the update is installed automatically on all relevant Check Point Mobile Access Gateways.
Note: Automatic update is distributed gradually. If your Security gateway did not receive the update yet, install it manually following the instructions below.
**
Manual Installation**
* The version of the Mobile Access Portal Agent is lower than **800007042**.
You can check the Mobile Access Portal Agent version in one of these ways:
* Run this command in the Expert mode on the Mobile Access Gateway:
cat $CVPNDIR/htdocs/SNX/CSHELL/cshell_ver.txt
* Open the applicable file in the Mobile Access Portal:
https://<_IP Address of Mobile Access Gateway_>/<_Prefix of Mobile Access Portal_>/SNX/CSHELL/cshell_ver.txt
Example output: 80,0,0070,40
* The latest Take of AutoUpdater (see [sk165653](<https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk165653>)) is installed on the Mobile Access Gateway.
Note: This package cannot be installed on Scalable Platforms (Maestro and Chassis).
Download the hotfix package to your computer:
Transfer the hotfix package to the Mobile Access Gateway to some directory.
Connect to the command line on the Mobile Access Gateway.
Log in to the Expert mode.
Install the package with this command:
autoupdatercli install /<_path_>/<_package_>
Note - The installation does not require**cpstop
,cpstart
, orreboot
**. Once installed, no further action is required, and the update is immediately applied.