Juniper Junos NTP Server Amplification Remote DoS (JSA10613)

Medium Nessus Plugin ID 77756


The remote device is missing a vendor-supplied security patch.


According to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability in the NTP daemon related to the handling of the 'monlist' command. A remote attacker can exploit this by forging a request that results in a distributed denial of service.

Note that this issue only affects devices with NTP client or server enabled.


Apply the relevant Junos software release or workaround referenced in Juniper advisory JSA10613.

See Also

Plugin Details

Severity: Medium

ID: 77756

File Name: juniper_jsa10613.nasl

Version: 1.5

Type: combined

Published: 2014/09/19

Modified: 2017/05/16

Dependencies: 55932

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:juniper:junos, cpe:/a:ntp:ntp

Required KB Items: Host/Juniper/JUNOS/Version, Host/Juniper/JUNOS/BuildDate

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/09/08

Vulnerability Publication Date: 2010/04/29

Reference Information

CVE: CVE-2013-5211

BID: 64692

OSVDB: 101576

CERT: 348126

EDB-ID: 33073

ICSA: 14-051-04

JSA: JSA10613