Article number
000004367
Affected Versions
All
Source Hypervisor
All
Target Hypervisor
All
ZERTO FIELD NOTICE FTN- 20190717: RESPONSE TO CVE-2019-11477 SECURITY VULNERABILITY
Viewed 87 times
Target Audience
All
Notice
Date: 7/17/2019
Field Technical Notice: FTN-20190717
Zerto Versions Affected: AllDescription
There is a Common Vulnerability and Exposure (CVE) that can impact Zerto Virtual Replication Appliances (VRAs) if the VRA is not deployed with a VPN and firewall. The Zerto Installation Guide and Zerto Security and Hardening Guide provides guidance about VPN and firewall configuration.Background
CVE-2019-11477 was recently added to the Common Vulnerabilities and Exposures list of publicly known cybersecurity vulnerabilities. This vulnerability can be used for a denial of service attack on TCP interfaces. Zerto recommends that VRAs as well as all other Zerto components be deployed with a VPN and firewall.The vulnerability identified in CVE-2019-11477 is prevented by following the Zerto Installation Guide and Zerto Security and Hardening Guide to deploy the VRA behind a firewall.
The next major release of Zerto software will include a new version of TCP that prevents this vulnerability.
Actions to take
Zerto recommends that customers deploy VRAs behind a firewall and configure the firewall to block traffic to the VRA as described in the Zerto Installation Guide and the Zerto Security and Hardening Guide.See Also
vSphere and Hyper-V Installation Guide – Zerto Software:http://s3.amazonaws.com/zertodownload_docs/Latest/Zerto%20Virtual%20Replication%20Installation%20Guide%20for%20vSphere%20and%20Hyper-V.pdf?cb=1562795297
Security and Hardening – Zerto Software:
http://s3.amazonaws.com/zertodownload_docs/Latest/Security%20and%20Hardening%20with%20Zerto%20Virtual%20Replication.pdf?cb=1562795297