Article number
000004367
Affected Versions
All
Source Hypervisor
All
Target Hypervisor
All

FTN- 20190717: Response to CVE-2019-11477 Security Vulnerability

Summary

A Common Vulnerabilities and Exposures (CVE) entry, CVE-2019-11477, can affect Zerto Virtual Replication Appliances (VRAs) if the VRA is deployed without a VPN and a firewall in front of it.
The Zerto Installation Guide and the Zerto Security and Hardening Guide provide guidance on VPN and firewall configuration.

Target Audience

All Zerto Versions

Background

CVE-2019-11477 was recently added to the Common Vulnerabilities and Exposures list of publicly known cybersecurity vulnerabilities. It is a flaw in the Linux kernel's handling of TCP Selective Acknowledgement (SACK): a remote peer that can complete a TCP handshake with an affected host can crash it, a denial of service against any TCP service the host exposes. Zerto recommends that VRAs, as well as all other Zerto components, be deployed behind a VPN and firewall.
Deploying the VRA behind a firewall as described in the Zerto Installation Guide and the Zerto Security and Hardening Guide limits who can open a TCP connection to the VRA, and therefore who could exploit CVE-2019-11477, to the hosts that legitimately need to reach it. The firewall reduces exposure; it does not change the affected TCP stack on the appliance.
The next major release of Zerto software will include an updated TCP stack that is not affected by this vulnerability.

Actions to take

Zerto recommends that customers deploy VRAs behind a firewall and configure it to permit only the traffic described in the Zerto Installation Guide and the Zerto Security and Hardening Guide, blocking all other traffic to the VRA.
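The following is an added example and is not code from this article or from Zerto. It generates a default-deny iptables rule set, of the kind the guides call for, in which only named replication peers may reach the VRA's TCP ports, and it includes the low-MSS drop rule that Linux vendors published as an interim host-side mitigation for CVE-2019-11477. The peer addresses and port numbers are placeholders assumed for the example, not values taken from the article; use the addresses and ports listed in the Zerto Installation Guide.

```shell
#!/bin/sh
# Added example, not part of the Zerto article and not Zerto's own code.
# Builds an iptables-restore rule set for a Linux firewall (or host) in front
# of a VRA: default deny on INPUT, accept only known replication peers on the
# VRA service ports, and drop SYNs that advertise a tiny MSS, which is the
# published interim mitigation for CVE-2019-11477 (SACK Panic).
#
# Assumptions: the peer addresses and port numbers are placeholders for this
# example; the real values come from the Zerto Installation Guide.

# gen_vra_rules PEERS PORTS
#   PEERS: space-separated source addresses/CIDRs allowed to reach the VRA
#   PORTS: space-separated TCP ports the VRA listens on
# Prints a rule set to stdout in iptables-restore format.
gen_vra_rules() {
    peers="$1"
    ports="$2"
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'     # default deny: anything not listed is dropped
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Replies to connections the VRA itself opened.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # SACK Panic needs an established session negotiated with a very small MSS.
    # Dropping SYNs that advertise MSS 1..500 is the interim mitigation the
    # kernel vendors published; it stays useful until the stack is updated.
    printf '%s\n' '-A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP'
    # Allow-list: one rule per (peer, port) pair; everything else hits the
    # INPUT DROP policy.
    for peer in $peers; do
        for port in $ports; do
            printf '%s\n' "-A INPUT -s $peer -p tcp --dport $port -j ACCEPT"
        done
    done
    printf '%s\n' 'COMMIT'
}

# count_accept_rules PEERS PORTS
# Number of per-peer accept rules generated (one per peer/port pair), a
# sanity check to compare against the expected peer list before loading.
count_accept_rules() {
    gen_vra_rules "$1" "$2" | grep -c -- '--dport'
}

# Usage (review the output first, then load it as root on the firewall host):
#   gen_vra_rules "192.0.2.10 192.0.2.11" "4007 4008" > /tmp/vra.rules
#   iptables-restore < /tmp/vra.rules
```

The order of the rules matters: the conntrack rule only accepts packets belonging to connections that already passed the allow-list, a SYN from a peer is still NEW and so is checked against the MSS rule before the per-peer accept, and any source not in the list falls through to the DROP policy. Keep the allow-list in a version-controlled file so that a change to the replication peers is a reviewed change rather than an ad-hoc iptables command.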

See Also

vSphere and Hyper-V Installation Guide – Zerto Software:
http://s3.amazonaws.com/zertodownload_docs/Latest/Zerto%20Virtual%20Replication%20Installation%20Guide%20for%20vSphere%20and%20Hyper-V.pdf?cb=1562795297

Security and Hardening – Zerto Software:
http://s3.amazonaws.com/zertodownload_docs/Latest/Security%20and%20Hardening%20with%20Zerto%20Virtual%20Replication.pdf?cb=1562795297