
FTN- 20190717: Response to CVE-2019-11477 Security Vulnerability



There is a Common Vulnerability and Exposure (CVE) that can impact Zerto Virtual Replication Appliances (VRAs) if the VRA is not deployed with a VPN and firewall.
The Zerto Installation Guide and Zerto Security and Hardening Guide provide guidance about VPN and firewall configuration.

Target Audience

All Zerto Versions



CVE-2019-11477 was recently added to the Common Vulnerabilities and Exposures list of publicly known cybersecurity vulnerabilities. This vulnerability can be used for a denial-of-service attack on TCP interfaces. Zerto recommends that VRAs, as well as all other Zerto components, be deployed with a VPN and firewall.
The vulnerability identified in CVE-2019-11477 is prevented by following the Zerto Installation Guide and Zerto Security and Hardening Guide to deploy the VRA behind a firewall.
The next major release of Zerto software will include a new version of TCP that prevents this vulnerability.

Actions to take

Zerto recommends that customers deploy VRAs behind a firewall and configure the firewall to block traffic to the VRA as described in the Zerto Installation Guide and the Zerto Security and Hardening Guide.

See Also

vSphere and Hyper-V Installation Guide – Zerto Software:

Security and Hardening – Zerto Software: