Check Point cluster stability improvement to prevent incorrect change of cluster members state to "Ready"
||ClusterXL, Cluster - 3rd party
||R75, R76, R77, R77.10, R77.20, R77.30
||Gaia, SecurePlatform 2.6, IPSO 6.2, Windows
|Platform / Model
It was demonstrated that by forging CCP packets, it is possible to "confuse" cluster members about the state of peer members and cause denial of service (cluster members could be forced to incorrectly change their state to "Ready").
Credit: Check Point thanks Christian Port for responsible disclosure of this issue.
This attack is possible if a malicious user gains Layer 2 access to cluster non-trusted (non-sync) interfaces (whose "Network Objective" in cluster object topology is not "Sync").
Note: To view this solution you need to