• This topic has 6 replies, 4 voices, and was last updated August 19, 2020 by Kalsang D.

Impact of Vulnerability Ripple20 on Zerto Products

  • Hello,

    Currently being reported,
    Does the vulnerability Ripple20 affect Zerto products?
    Could you please confirm?

    -Are there any Zerto products affected by this vulnerability?
    ・If there is any impact, please tell us about the following.
    Workaround (if any)
    Timing of providing corrections and countermeasures.

    Best Regards

     

    Hello,

    Contara from Zerto Support.

    I searched in our Zerto database and internal Forum we don’t have information on vulnerability “Ripple20”.

    Your question has been posted in the internal Zerto Forum.  If I have more information from the Internal Zerto Forum I will reply back to the Support Q&A forum.

    =================================

    But we do have other vulnerabilities:

    Meltdown and Spectre Vulnerability

    Meltdown and Spectre Vulnerability (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754) Update

    ZERTO FIELD NOTICE FTN- 20190717: RESPONSE TO CVE-2019-11477 SECURITY VULNERABILITY

    ZERTO FIELD NOTICE FTN- 20190717: RESPONSE TO CVE-2019-11477 SECURITY VULNERABILITY

    ZERTO FIELD NOTICE FTN- 20190718: ZERTO “FROM AWS” SECURITY VULNERABILITY AND PATCH NOTIFICATION

    ZERTO FIELD NOTICE FTN- 20190718: ZERTO “FROM AWS” SECURITY VULNERABILITY AND PATCH NOTIFICATION

    Thank you.

     

    Hello,

    The latest respond from our internal Zerto Forum:

    “Thank you for the question. I’m investigating this and will follow up with their assessment.”

    When I have the answer or more information I will respond back to the posting.

    Thank You,

    Contara

    Hello there,

    By the way I got same thing one of our VRA Ripple20 so there is any update or fix ?  or is it really efect us what we should do

    The update that we got from our Internal forum was ” We use 3rd party software to regularly scan and monitor our code for vulnerabilities. I have confirmed with our Security Team that we do not use Treck, which is the vulnerability exploited in Ripple20″. Will share you more once I’ve more information on it. Thanks, Kal

    Hello,

    Sorry for the late reply

    Thank you for your reply.
    We will check the contents and inform the customer.

    I will let you know if I have any questions.

    Best Regards

    Okay, thank you.

    Best regards,

The forum ‘Support Q & A’ is closed to new topics and replies.