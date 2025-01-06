Tenable warns users to update now following possible plugin security issue
Users will need to manually update to restore Nessus agents
- Tenable urges users to update their Nessus instances to avoid a potential plugin security issue
- A previous plugin update saw agents going offline
- The earliest clean version is 10.8.2, so users should update now
Tenable has urged users to update their Nessus instances to avoid a potential plugin security issue.
Tenable Nessus is a widely used vulnerability scanner that helps identify and assess security vulnerabilities, misconfigurations, and compliance issues in networks, applications, and systems.
However, in the final hours of December 2024, the company said it was “aware of and actively investigating” an issue with Nessus agents going offline after plugin updates for certain users on all sites - and as a result, the company temporarily stopped plugin updates.
Resetting plugins
The incident apparently affected Nessus Agent versions 10.8.0 and 10.8.1, for users in North and Latin America, Europe, and Asia. To address the issue, Tenable released Nessus Agent version 10.8.2.
"There is a known issue which can cause Tenable Nessus Agent 10.8.0 and 10.8.1 to go offline when a differential plugin update is triggered. To prevent such an issue, Tenable has disabled plugin feed updates for these two agent versions. Additionally, Tenable has disabled the 10.8.0 and 10.8.1 versions to prevent further issues," the release notes detailed.
Now, users are called to either upgrade to 10.8.2, or downgrade to 10.7.3 to bring their Nessus agents online. However, they also need to reset their plugins.
“If you are using agent profiles for agent upgrades or downgrades, you must perform a separate plugin reset to recover any offline agents," the company concluded.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
To adress the bugs, users first need to reset agent plugins via a script or a nessuscli reset command, and then manually upgrade the Tenable Nessus Agent using the 10.8.2 install package.
Tenable claims to have more 44,000 customers worldwide, including 65% of the Fortune 500. While the exact number of Nessus users isn't publicly disclosed, it is safe to assume that Nessus is quite popular in the cybersecurity community.
Via BleepingComputer
You might also like
- Fluent Bit vulnerability threatens almost all popular cloud platforms
- Here's a list of the best antivirus tools on offer
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.