Features Released in February 2021 - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Release Notes

Creation date
Last date published
Release Notes

The following table describes new features in the Cortex Xpanse February 2021 release.



New Issue Policies

  • Zyxel WLAN Access Point Controller—Medium – Zyxel Networks Corporation’s Wireless LAN Controllers are all-in-one, intelligent wireless LAN controllers for centralized WLAN management and auto provisioning. This issue identifies Zyxel Wireless LAN 2000/5000 series controllers. Some of these devices were revealed to have a default password still set, as of January 2021.

  • Citrix Application Delivery Controller—Medium – This policy covers detection for two devices from Citrix:

    • Citrix ADC (aka Netscaler ADC)

    • Citrix Gateway (AKA Netscaler Gateway)

  • Insecure Citrix Application Delivery Controller—High – This policy highlights versions of the Citrix Application Delivery Controller which may be vulnerable to CVE-2019-19781.

  • F5 BIG-IP Access Policy Manager—Low – BIG-IP Access Policy Manager (APM) is an access management proxy solution maintained by F5 Networks, Inc. F5 BIG-IP APM consolidates remote, mobile, network, virtual, and web access, and functions as an identity aware proxy that puts an Auth/SSO wall in front of other applications. This issue identifies the F5 BIG-IP APM landing page.

  • IKEv1 Server—Medium – This issue enumerates IKEv1servers. Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKEv1, an older version of the protocol, is generally vulnerable to several known exploits in implementations of IKEv1 in firewalls and networking gear that supports IPsec VPN tunnels. Compromise of IKEv1 could allow an adversary to bypass authentication and impersonate clients or servers.

  • SonicWall Secure Mobile Access VPN—Low – SonicWall released an urgent security notice of an ongoing investigation into probable zero-day vulnerabilities with its SMA 100 Series products. SonicWall SMA is a remote access gateway offering application-level VPN, granular access control, and device authorization to access corporate resources hosted on-prem, and in cloud and hybrid data centers. The SMA 100 series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v model vpns) running SMA 8.x/9.x/10.x remains under investigation and should be acknowledged as potentially insecure. This issue finds SonicWall Secure Mobile Access (SMA) VPN devices. While this issue does not find model numbers, some server/software numbers and versions of software on login pages are able to be discovered, and are displayed where observed.

  • UPDATED: Oracle WebLogic Server—Medium – This issue has been updated with enhanced signatures to find additional WebLogic servers.

  • Oracle Fusion Middleware—Medium – Oracle Fusion Middleware is a suite of products from Oracle Corporation that facilitates infrastructure to create business applications. It can communicate with multiple services, including Oracle WebLogic (a Java EE application server), HTTP servers, integration services, business intelligence, and content management. This issue identifies web servers that have Fusion Middleware deployed by identifying the Oracle Fusion Middleware splash/documentation page.

  • Cisco SD-WAN—Medium – Cisco SD-WAN is a software-defined wide area network management solution that is managed through Cisco’s vManage interface. While this issue does not find versions of the SD-WAN software, it identifies the Cisco SD-WAN login-page.

  • Schneider Electric PowerChute—Medium – PowerChute Business Edition is a Schneider Electric software product for UPS management, graceful shutdown and energy management capabilities. This issue identifies agent web UI and logging features of PowerChute 9.2.1 and below.

  • Adobe Experience Manager—Medium

  • Cisco Integrated Management Controller (IMC)—Medium – This issue identifies Cisco Integrated Management Controllers (CIMC/IMC), a baseboard management controller that provides embedded server management for Cisco UCS C-Series Rack Servers and Cisco UCS S-Series Storage Servers. There are several vulnerabilities in the API subsystem of CIMC, though this issue does not specifically flag the vulnerable version types.

  • SAP BusinessObjects BI Platform —Medium – SAP BusinessObjects Business Intelligence Platform is a centralized suite for data reporting, visualization, sharing, and analysis with BusinessObjects WebIntelligence, Analytics Cloud, and SAP Crystal Reports. This issue enumerates instances of the SAP BusinessObjects Central Management Console (CMC), a web-based tool used to perform administrative tasks, including user management, content management, and server management.

Select All Option added to Dropdown Filters

We have added a more convenient select all button at the top of every drop-down filter, which can be used to more easily select either very few values or nearly all (“n-1”) values.

Attack Surface Overview Dashboard now Defaults to “All Statuses”

We have updated the default status filter for the Attack Surface Overview to All Statuses to improve customer convenience.

Bug Fixes

Dashboards no longer show non-available filter options within the settings panel.