Article number
000004367
Affected Versions
All
Source Hypervisor
All
Target Hypervisor
All

ZERTO FIELD NOTICE FTN- 20190717: RESPONSE TO CVE-2019-11477 SECURITY VULNERABILITY

Viewed 169 times

Target Audience

All

Notice

Date: 7/17/2019

Field Technical Notice: FTN-20190717

Zerto Versions Affected: All

Description

There is a Common Vulnerability and Exposure (CVE) that can impact Zerto Virtual Replication Appliances (VRAs) if the VRA is not deployed with a VPN and firewall.   The Zerto Installation Guide and Zerto Security and Hardening Guide provides guidance about VPN and firewall configuration.

Background

CVE-2019-11477 was recently added to the Common Vulnerabilities and Exposures list of publicly known cybersecurity vulnerabilities.  This vulnerability can be used for a denial of service attack on TCP interfaces.  Zerto recommends that VRAs as well as all other Zerto components be deployed with a VPN and firewall.
The vulnerability identified in CVE-2019-11477 is prevented by following the Zerto Installation Guide and Zerto Security and Hardening Guide to deploy the VRA behind a firewall. 
The next major release of Zerto software will include a new version of TCP that prevents this vulnerability.

Actions to take

Zerto recommends that customers deploy VRAs behind a firewall and configure the firewall to block traffic to the VRA as described in the Zerto Installation Guide and the Zerto Security and Hardening Guide.

See Also

vSphere and Hyper-V Installation Guide – Zerto Software:
http://s3.amazonaws.com/zertodownload_docs/Latest/Zerto%20Virtual%20Replication%20Installation%20Guide%20for%20vSphere%20and%20Hyper-V.pdf?cb=1562795297

Security and Hardening – Zerto Software:
http://s3.amazonaws.com/zertodownload_docs/Latest/Security%20and%20Hardening%20with%20Zerto%20Virtual%20Replication.pdf?cb=1562795297