Executive Summary

Date: January 2025

On December 31, 2024, a critical issue emerged with Tenable plugin updates, leading to widespread disruptions of Nessus vulnerability scanner agents globally. This incident affected Nessus Agent versions 10.8.0 and 10.8.1, causing them to go offline across multiple regions, including the Americas, Europe, and Asia. Tenable has responded by releasing version 10.8.2 to rectify the problem. This report delves into the technical specifics of the incident, its impact on cybersecurity operations, and offers recommended mitigation strategies.

Technical Information

The disruption was triggered by faulty differential plugin updates, which caused the Nessus agents to become non-operational. The affected versions were Nessus Agent 10.8.0 and 10.8.1. The root cause was identified as a flaw in the plugin update mechanism, which failed to properly integrate with the existing agent infrastructure, leading to a breakdown in functionality. Tenable's response involved the swift release of Nessus Agent version 10.8.2, which addressed the underlying issues and restored agent functionality.

The technical community has emphasized the importance of rigorous testing and validation of updates in cybersecurity products. This incident serves as a stark reminder of the potential consequences of inadequate testing, which can lead to significant operational disruptions. Organizations relying on Nessus for vulnerability management experienced interruptions in their security operations, highlighting the critical need for robust update management processes.

.

Affected Product Versions

The affected product versions are Nessus Agent 10.8.0 and 10.8.1. Organizations using these versions experienced disruptions in their vulnerability management operations. Tenable has released Nessus Agent version 10.8.2 to address the issue and restore functionality.

Workaround and Mitigation

To mitigate the impact of this incident, organizations are advised to upgrade to Nessus Agent version 10.8.2, which resolves the issue. Alternatively, organizations can downgrade to version 10.7.3 if immediate upgrading is not feasible. Additionally, performing a plugin reset using the script provided in the release notes or the nessuscli reset command can help restore agent functionality. It is crucial for organizations to implement robust update management processes to prevent similar incidents in the future.

References

For further information, please refer to the following resources:

• BleepingComputer Article: Bad Tenable plugin updates take down Nessus agents worldwide (https://www.bleepingcomputer.com/news/security/bad-tenable-plugin-updates-take-down-nessus-agents-worldwide/)
• Tenable Nessus Agent 10.8.2 Release Notes

Rescana is here for you

At Rescana, we are dedicated to assisting our customers in navigating the complex landscape of cybersecurity threats. Our Continuous Threat and Exposure Management (CTEM) platform is designed to provide comprehensive threat intelligence and vulnerability management solutions. We are here to support you in mitigating the risks associated with this and other cybersecurity threats. For further assistance or inquiries, please contact us at ops@rescana.com.