The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Check Point cluster stability improvement to prevent incorrect change of cluster members state to "Ready"
ClusterXL, Cluster - 3rd party
R75, R76, R77, R77.10, R77.20, R77.30
Gaia, SecurePlatform 2.6, IPSO 6.2, Windows
Platform / Model
It was demonstrated that by forging CCP packets, it is possible to "confuse" cluster members about the state of peer members and cause denial of service (cluster members could be forced to incorrectly change their state to "Ready").
Credit: Check Point thanks Christian Port for responsible disclosure of this issue.
This attack is possible if a malicious user gains Layer 2 access to cluster non-trusted (non-sync) interfaces (whose "Network Objective" in cluster object topology is not "Sync").