Tenable warns users to update now following possible plugin security issue

(Image credit: Shutterstock) (Image credit: Shutterstock)

Tenable urges users to update their Nessus instances to avoid a potential plugin security issue
A previous plugin update saw agents going offline
The earliest clean version is 10.8.2, so users should update now

Tenable has urged users to update their Nessus instances to avoid a potential plugin security issue.

Tenable Nessus is a widely used vulnerability scanner that helps identify and assess security vulnerabilities, misconfigurations, and compliance issues in networks, applications, and systems.

However, in the final hours of December 2024, the company said it was “aware of and actively investigating” an issue with Nessus agents going offline after plugin updates for certain users on all sites - and as a result, the company temporarily stopped plugin updates.

Resetting plugins

The incident apparently affected Nessus Agent versions 10.8.0 and 10.8.1, for users in North and Latin America, Europe, and Asia. To address the issue, Tenable released Nessus Agent version 10.8.2.

"There is a known issue which can cause Tenable Nessus Agent 10.8.0 and 10.8.1 to go offline when a differential plugin update is triggered. To prevent such an issue, Tenable has disabled plugin feed updates for these two agent versions. Additionally, Tenable has disabled the 10.8.0 and 10.8.1 versions to prevent further issues," the release notes detailed.

Now, users are called to either upgrade to 10.8.2, or downgrade to 10.7.3 to bring their Nessus agents online. However, they also need to reset their plugins.

“If you are using agent profiles for agent upgrades or downgrades, you must perform a separate plugin reset to recover any offline agents," the company concluded.

To adress the bugs, users first need to reset agent plugins via a script or a nessuscli reset command, and then manually upgrade the Tenable Nessus Agent using the 10.8.2 install package.

Tenable claims to have more 44,000 customers worldwide, including 65% of the Fortune 500. While the exact number of Nessus users isn't publicly disclosed, it is safe to assume that Nessus is quite popular in the cybersecurity community.

Via BleepingComputer

Fluent Bit vulnerability threatens almost all popular cloud platforms
Here's a list of the best antivirus tools on offer
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.