Tenable has disabled two Nessus scanner agent versions after discovering that they would go offline when triggering a differential plugin update.
Tenable Nessus agents are lightweight programs installed locally on assets. They enable organizations to collect information from those assets by scanning for vulnerabilities, compliance issues, and other data.
On December 31, Tenable announced that it discovered an issue where agents were going offline following plugin updates and decided to pause the updates until it identified the cause of the problem.
On January 2, the company revealed that the issue was affecting Nessus Agent versions 10.8.0 and 10.8.1 for TVM, TSC and Nessus. The plugin feed updates remained disabled, except for TVM Nessus Agent and TVM linked Nessus Scanner.
On the same day, Tenable announced the release of version 10.8.2 of the Nessus Agent that addresses the problem, and the next day it completely disabled agent versions 10.8.0 and 10.8.1, which were causing the problem. The plugin feed was also resumed.
Organizations using agent profiles in Tenable Vulnerability Management or Tenable Nessus Manager are advised to update to agent version 10.8.2 or downgrade to version 10.7.3, and to reset the plugins. In some cases, the plugins will have to be manually updated and reset.
“To fix the above issue, all Tenable Vulnerability Management and Tenable Security Center customers running Tenable Nessus Agent version 10.8.0 or 10.8.1 must either upgrade to agent version 10.8.2 or downgrade to 10.7.3,” the company explained.
“If you are using agent profiles for agent upgrades or downgrades, you must perform a separate plugin reset to recover any offline agents,” Tenable said.
Responding to a SecurityWeek inquiry, Tenable chief product officer Shai Morag explained that this was not a security incident and that customers were not adversely affected.
“On December 31st, Tenable identified some of the Nessus Agents on version 10.8.0 & 10.8.1 going offline after receiving a plugin update released on this date due to the unsuccessful plugin compilation resulting in plugin update error in the agent,” Morag said.
Nessus Agent version 10.8.2 includes a fix that prevents the issue from occurring, and versions 10.7.x or earlier were not affected, Morag said, adding that further instructions were provided to customers via release notes and Knowledge Base articles.
Morag also underlined that this incident was not like the CrowdStrike outage and that only the Nessus agents were impacted.
“Tenable scans are detect-only and not expected to change anything on targets being scanned. In addition, Tenable agents run in the user space – not in driver/kernel mode – so there is no risk to the operating system,” Morag said.
*Updated with statement from Tenable.