Ixia ATI Update ATI-2020-09 (385910)


New Protocols & Applications (2)

| Name | Category | Info |
|---|---|---|
| hpdataprotector | Storage | HP Data Protector (formerly OmniBack II) is backup and recovery software that provides reliable data protection and high accessibility for customers' business data. It allows users to back up data onto storage devices and manage the library catalogues to keep track of all media and copies of data for recovery. |
| Zoom Meeting Chat | Chat/IM | Zoom is a popular teleconferencing application with rich messaging and multimedia features. This flow is a 2-arm simulation of the messaging protocols used in Zoom conference meetings. Zoom offers clients for both desktop and mobile users. The clients in this flow conform to the version 4.6.11 software release. Zoom messaging uses the TLS transport protocol for all its flows, including enhanced XMPP for instant messaging (IM) and HTTP for login and message history retrieval. This simulation allows adding an arbitrary number of users, with high flexibility for various messaging scenarios. |

New Super Flows (2)

| Name | Category | Info |
|---|---|---|
| HP Data Protector | Storage | Simulates the scenario where TCP control connections are established for communications between the Cell Manager and its components, and then performs a backup and restore operation with a client. |
| Zoom Meeting Chat (2 Users) | Chat/IM | This Super Flow simulates the Zoom Meeting Chat (version >= 4.6) application with two users: User-1 with a mobile client, and User-2 with a PC client. User-1 has hosted the meeting; User-2 joins the meeting, exchanges instant messages with User-1, and retrieves the message history. |

New Application Profiles (1)

| Name | Info |
|---|---|
| Wholesale and Retail Industry Traffic Distribution | It simulates traffic generated by the top 11 applications in the Wholesale and Retail Industry. |

New Strikes (3)

| CVSS | ID | References | Category | Info |
|---|---|---|---|---|
| 9.0 | E20-15pz1 | CVE-2020-9463; CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C); CVSSV3-8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; URL | Exploits | This strike exploits a command injection vulnerability in Centreon 19.10. The vulnerability is due to improper validation of the server_ip parameter in an HTTP request. An authenticated attacker could exploit this by sending a maliciously crafted request to the server. A successful attack may result in arbitrary command execution in the context of the server process. |
| 9.0 | E20-5k5u1 | CVE-2018-13330; CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C); CVSSV3-7.2 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H; URL | Exploits | This strike exploits a vulnerability in the TerraMaster NAS device. The device allows command line arguments to be passed to the system during the creation of a user, but does not properly validate the arguments passed via the groupname parameter. It is possible to execute system commands as the root user on a vulnerable device. |
| 4.3 | E20-5k5y1 | CVE-2018-13334; CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N); CVSSV3-6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; URL | Exploits | This strike exploits a vulnerability in the TerraMaster NAS device. The device allows an attacker to execute a cross-site scripting attack against the system by performing HTML injection via the sysname parameter. It is then possible to hijack the user session on the vulnerable system. |

Defects Resolved

| Ticket | Info |
|---|---|
| ATIBPS-16451 | Fix strike E19-0ul11 so that, when run in conjunction with the 'Ignore Headers' evasion option, it will not cause a test to be marked as 'BLOCKED'. |
| ATIBPS-16534 | Add missing meta and descriptions to strikes: E16-6hx01, E16-73l02, G04-3nj01. |
| ATIBPS-16625 | Add NAT support for strike E19-7nx21. |