This attack is possible if a malicious user gains Layer 2 access to the cluster's trusted (sync) interfaces (those whose "Network Objective" in the cluster object topology is "Sync").
Check Point does not consider this a valid attack vector.
Check Point Cluster Control Protocol (CCP) packets are assumed to be sent over a trusted and isolated network. Customers may achieve this by using a dedicated physical network segment or by using VLANs. It is the responsibility of the customer to ensure that this network is trusted and isolated.
- ClusterXL Administration Guide (R55, R60, R61, R62, R65, R70, R71, R75, R75.20, R75.40, R75.40VS, R76, R77)
- sk93306 - ATRG: ClusterXL R6x and R7x
- sk92804 - Sync Redundancy in ClusterXL
Credit: Check Point thanks Jakub Jozwiak for responsible disclosure of this issue.