EPSS
Percentile
99.6%
a. DDoS vulnerability in NTP third party libraries
The NTP daemon has a DDoS vulnerability in the handling of the “monlist” command. An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack.
Mitigation
Mitigation for this issue is documented in VMware Knowledge Base article 2070193. This article also documents when vSphere products are affected.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5211 to this issue.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
EPSS
Percentile
99.6%