ATI Update ATI-2022-19

New Protocols & Applications (2)

Name Category Info
Canva Aug22 Enterprise Applications Canva is a graphic design platform, used to create social media graphics, presentations, posters, documents and other visual content. The app includes templates for users to use.
Google Play Store Aug22 Social Networking/Search Google Play Store is a digital distribution service operated and developed by Google. It is widely used as a marketplace for android apps.

New Superflows (10)

Name Category Info
Amazon Video DASH - HTTP/2 Voice/Video/Media This Super Flow simulates Amazon Prime Video streaming flow using Dynamic Adaptive Streaming over HTTP/2 (ISO/IEC 23009-1_2014 MPEG-DASH) protocol.
Bandwidth DASH - HTTP/2 Voice/Video/Media This Super Flow simulates Dynamic Adaptive Streaming over HTTP/2 (DASH) in popular OTT applications such as Amazon Prime Video, Netflix etc.
Facebook Video (Mobile App) - HTTP/2 Voice/Video/Media This is a simulation of Facebook Video streams in the mobile client app.
Canva Aug22 Enterprise Applications Simulates the use of the Canva application as of August 2022 where a user opens the website, signs in, creates a new design project, downloads it, browses multiple templates, and edits an existing project before signing out.
Canva Bandwidth Jul22 Enterprise Applications Simulates the use of the Canva application as of August 2022 where a user creates a new design project, downloads it, browses multiple templates, and then edits an existing project.
Google Play Store Aug22 Social Networking Search Simulates the use of the Google Play store app on an android device as of August 2022. The user opens the app, browses for content, searches for an app, installs the app, rates the app.
Google Play Store Aug22 Install App Social Networking Search Simulates the use of the Google Play store app on an android device as of August 2022. The user opens the website, searches for an app, and installs it.
Google Play Store Aug22 Rate App Social Networking Search Simulates the use of the Google Play store app on an android device as of August 2022. The user opens the website, searches for an app, and rates it.
Zoom Meeting Audio/Video Bandwidth Voice/Video/Media This is a simulation of Zoom Conference Meeting (version >= 4.6) application with two users: User-1 with a mobile client, and User-2 with a PC client.
Zoom Meeting Audio-Only Bandwidth Voice/Video/Media This is a simulation of Zoom Conference Meeting (version >= 4.6) application with two users: User-1 with a mobile client, and User-2 with a PC client.

New Application Profiles (1)

Name Info
Sandvine 2022 Global Upstream It simulates the upstream traffic generated by the top 10 applications reported in the Sandvine Global Internet Phenomena Report January 2022.

New Strikes (3)

CVSS ID References Category Info
7.5 E22-ekyh1 CVE-2022-34265CVSSCVSSv3CWE-89URL Exploits This strike exploits two SQL injection vulnerability in Django. The vulnerabilities are due to insufficient sanitization of user input to kind and lookup_name parameter passed to database functions Trunc and Extract respectively. A remote attacker can exploit the vulnerabilities by sending a crafted request to the target server. Successful exploitation could result in execution of arbitrary SQL statements. *NOTE: When running this strike in OneArm mode, it sends a malicious request to the target Django webapp, and creates a new table in the database.
5.8 E22-edka1 CVE-2022-24682CVSSCVSSv3CWE-79URL Exploits This strike exploits reflected cross-site scripting vulnerability in Zimbra Collaboration server. This vulnerability is due to insufficient input validation in the Calendar feature. A remote attacker could exploit this vulnerability by enticing the target to click on a crafted link. Successful exploitation could result in execution of script code in the security context of the target user's browser.
5.0 E22-1f4t1 CVE-2022-1661CVSSCVSSv3CWE-23ZDI-22-805 Exploits This strike exploits a directory traversal vulnerability exists in KeySight N6854A and N6841A RF Sensor Software. This vulnerability is due to incomplete input sanitization in Java class UserFirmwareRequestHandler. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted request. Successful exploitation could read arbitrary files on the target server under the security context of the SYSTEM.

Defects Resolved

Component Info
Apps Added new parameter SCTP Payload Protocol Identifier under the GSM MAP flow. Updated the following 3 superflows with the new SCTP Payload Protocol Identifier parameter value: GSM MAP Authenticate and Update GPRS Location, GSM MAP Send Routing Info For SM and GSM MAP Update Location Error.