I found that out in the most annoying way possible when a new CPUSE version was in the "gradual deployment" stage. One of the members of the cluster I was trying to upgrade knew about it, but the other member and the management server did not yet. Not particularly hard to deal with. We just check for a new CPUSE build before using CDT and install it if there is one. It's ultimately just a little snag made more noticeable because of how smooth the process is otherwise.
Agreed that if CDT is usable in the environment, it's a great way to address this problem. My environment has a separate firewall between the management and the firewalls, and we had to allow CPRID through it. Now that we have it working, my team doesn't do any manual jumbo installations on firewalls anymore.