Field Technical Notice: FTN-20190717
Zerto Versions Affected: All
There is a Common Vulnerability and Exposure (CVE) that can impact Zerto Virtual Replication Appliances (VRAs) if the VRA is not deployed with a VPN and firewall. The Zerto Installation Guide and Zerto Security and Hardening Guide provides guidance about VPN and firewall configuration.
CVE-2019-11477 was recently added to the Common Vulnerabilities and Exposures list of publicly known cybersecurity vulnerabilities. This vulnerability can be used for a denial of service attack on TCP interfaces. Zerto recommends that VRAs as well as all other Zerto components be deployed with a VPN and firewall.
The vulnerability identified in CVE-2019-11477 is prevented by following the Zerto Installation Guide and Zerto Security and Hardening Guide to deploy the VRA behind a firewall.
The next major release of Zerto software will include a new version of TCP that prevents this vulnerability.
Actions to take
Zerto recommends that customers deploy VRAs behind a firewall and configure the firewall to block traffic to the VRA as described in the Zerto Installation Guide and the Zerto Security and Hardening Guide.
vSphere and Hyper-V Installation Guide – Zerto Software:
Security and Hardening – Zerto Software: