Hotfix Name: Check_Point_ESOD_CSHELL_AUTOUPDATE_Bundle_T17_AutoUpdate.tar. Here is the link.

If automatic updates are enabled (see sk94508), the update will be installed automatically on all relevant Check Point machines. Users should install a hotfix to upgrade Portal Agent to a non-vulnerable version.

Check Point's acknowledgement to CodeGreen can be found in this link. The issue is being disclosed in accordance with industry best-practice vulnerability disclosure policy and in cooperation with the Check Point Security Incident Response Team.

The full PoC document can be downloaded from here. Check Point's KB article can be found in this link.

This issue was discovered by CodeGreen Systems Security Analyst and Principal Consulting Engineer Raeez Abdulla during an SSL VPN penetration testing engagement with one of our BFSI customers.

'Mobile Access Portal Agent' runs predefined Native Applications. If an administrator configured such an application with environment variables in the path, Portal Agent may run an arbitrary application that was placed in a specially created location. In Check Point SSL VPN, when environment variables are used in configuration before build 800007042, 'Mobile Access Portal Agent' may run arbitrary applications from a specially crafted location instead of the predefined Native Application.
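An administrator reviewing exposure can list which configured Native Application paths depend on the client environment. The following is an added example, not code from Check Point or CodeGreen; it assumes Windows-style `%NAME%` variable syntax and a hand-exported mapping of application names to paths, and all sample names, paths and environments are constructed.

```python
import re

# Matches Windows-style %NAME% references. The syntax is an assumption:
# the advisory only says "environment variables in the path".
ENV_REF = re.compile(r"%([A-Za-z_][A-Za-z0-9_()]*)%")

def env_refs(path):
    """Return the environment variable names referenced in a configured path."""
    return ENV_REF.findall(path)

def resolve(path, env):
    """Expand %NAME% with a given client environment; unknown names stay as-is."""
    lookup = {k.upper(): v for k, v in env.items()}
    return ENV_REF.sub(lambda m: lookup.get(m.group(1).upper(), m.group(0)), path)

def audit(apps, environments):
    """Flag entries whose launch target depends on the client environment."""
    findings = []
    for name, path in apps.items():
        refs = env_refs(path)
        if not refs:
            continue  # fixed absolute path: same target on every client
        targets = sorted({resolve(path, env) for env in environments})
        findings.append({"app": name, "variables": refs, "resolves_to": targets})
    return findings

# Constructed sample data (hypothetical application names and paths).
SAMPLE_APPS = {
    "rdp-client": r"C:\Windows\System32\mstsc.exe",
    "erp-client": r"%APPDATA%\Vendor\erp.exe",
}
# Two constructed client environments: the same setting, two different locations.
SAMPLE_ENVS = [
    {"APPDATA": r"C:\Users\alice\AppData\Roaming"},
    {"APPDATA": r"D:\scratch"},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_APPS, SAMPLE_ENVS):
        print(f["app"], f["variables"], "->", f["resolves_to"])
```

Entries reported by `audit` are the ones to prioritise when confirming that clients run a Portal Agent at or above the fixed build, or to reconfigure with a fixed path.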