5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.967 High
EPSS
Percentile
99.6%
a. DDoS vulnerability in NTP third party libraries
The NTP daemon has a DDoS vulnerability in the handling of the “monlist” command. An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack.MitigationMitigation for this issue is documented in VMware Knowledge Base article 2070193. This article also documents when vSphere products are affected.The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5211 to this issue.Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.