Article number
000004367
Affected Versions
All
Source Hypervisor
All
Target Hypervisor
All
FTN-20190717: Response to CVE-2019-11477 Security Vulnerability
Summary
A Common Vulnerabilities and Exposures (CVE) entry, CVE-2019-11477, can impact Zerto Virtual Replication Appliances (VRAs) if the VRA is not deployed with a VPN and firewall.
The Zerto Installation Guide and Zerto Security and Hardening Guide provide guidance about VPN and firewall configuration.
Target Audience
All Zerto Versions
Notice
Background
CVE-2019-11477 was recently added to the Common Vulnerabilities and Exposures list of publicly known cybersecurity vulnerabilities. This vulnerability can be used for a denial of service attack on TCP interfaces. Zerto recommends that VRAs as well as all other Zerto components be deployed with a VPN and firewall. The vulnerability identified in CVE-2019-11477 is prevented by following the Zerto Installation Guide and Zerto Security and Hardening Guide to deploy the VRA behind a firewall.
The next major release of Zerto software will include a new version of TCP that prevents this vulnerability.
Actions to take
Zerto recommends that customers deploy VRAs behind a firewall and configure the firewall to block traffic to the VRA as described in the Zerto Installation Guide and the Zerto Security and Hardening Guide.
See Also
vSphere and Hyper-V Installation Guide – Zerto Software:
http://s3.amazonaws.com/zertodownload_docs/Latest/Zerto%20Virtual%20Replication%20Installation%20Guide%20for%20vSphere%20and%20Hyper-V.pdf?cb=1562795297
Security and Hardening – Zerto Software:
http://s3.amazonaws.com/zertodownload_docs/Latest/Security%20and%20Hardening%20with%20Zerto%20Virtual%20Replication.pdf?cb=1562795297