Support Center > Search Results > SecureKnowledge Details
Check Point cluster stability improvement to prevent incorrect change of cluster members state to "Ready"
Symptoms
  • It was demonstrated that by forging CCP packets, it is possible to "confuse" cluster members about the state of peer members and cause denial of service (cluster members could be forced to incorrectly change their state to "Ready").

    Credit: Check Point thanks Christian Port for responsible disclosure of this issue.

Cause

This attack is possible if a malicious user gains Layer 2 access to cluster non-trusted (non-sync) interfaces (whose "Network Objective" in cluster object topology is not "Sync").


Solution
Note: To view this solution you need to Sign In .