Article number
000003863
Affected Versions
All
Source Hypervisor
All
Target Hypervisor
All

How to Avoid Impact of CVE-2018-15473

Viewed 200 times

Summary

Administrators are approaching Zerto asking if and how they are impacted by a recently raised security vulnerability, CVE-2018-15473.

Steps

The CVE describes the ability of a user to verify if a username exists or not on the server. For the VRA, although the CVE exists, poses a very minor risk if at all.

In addition, according to this article there is a patch which can be manually applied on the VRA (Zerto version 7.5 and later).

With that said, Zerto should be upgraded to 7.5 and the patch be applied to each VRA as found in the link above.

** Note: Re-install/VRA upgrades post-patch application will require the patch be applied again. **