- Tenable urges users to update their Nessus instances to avoid potential plugin security issue
- A previous plugin update caused agents to go offline
- The oldest clean version is 10.8.2, so users should update now
Tenable has urged users to update their Nessus instances to avoid a potential plugin security issue.
Tenable Nessus is a widely used vulnerability scanner that helps identify and assess security vulnerabilities, misconfigurations, and compliance issues in networks, applications, and systems.
However, in the late hours of December 2024, the company said it was “aware of and actively investigating” an issue where Nessus agents were disconnecting after plugin updates for certain users across sites and, as As a result, the company temporarily stopped plugin updates. .
Reset plugins
The incident apparently affected versions 10.8.0 and 10.8.1 of Nessus Agent, for users in North America, Latin America, Europe, and Asia. To fix the issue, Tenable released Nessus Agent version 10.8.2.
“There is a known issue that may cause Tenable Nessus Agent 10.8.0 and 10.8.1 to disconnect when a differential plugin update is triggered. To prevent such an issue, Tenable has disabled plugin feed updates for these two versions of the agent Additionally, Tenable has disabled versions 10.8.0 and 10.8.1 to prevent further issues,” the release notes detail.
Users must now upgrade to 10.8.2 or downgrade to 10.7.3 to bring their Nessus agents online. However, they also need to reset their plugins.
“If you are using agent profiles for agent upgrades or downgrades, you must perform a separate plugin reset to recover any offline agents,” the company concluded.
To resolve the errors, users must first reset the agent plugins using a script or a nessuscli restart command and then manually update Tenable Nessus Agent using the 10.8.2 installation package.
Tenable claims to have more than 44,000 customers worldwide, including 65% of Fortune 500 companies. While the exact number of Nessus users is not publicly disclosed, it is safe to assume that Nessus is quite popular in the cybersecurity community.
Through beepcomputer
