Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates.
As the cybersecurity company acknowledged in an incident report issued after pausing plugin updates to prevent the issue from impacting even more systems, the agents went offline "for certain users on all sites."
This ongoing incident affects systems updated to Nessus Agent versions 10.8.0 and 10.8.1 across the Americas, Europe, and Asia. Tenable has since pulled the bad versions and released Nessus Agent version 10.8.2 to fix the issue causing agents to shut down.
In the most recent update on their status page, Tenable said they plan to resume the plugin feed by the end of the day to allow plugin downloads again.
"There is a known issue which can cause Tenable Nessus Agent 10.8.0 and 10.8.1 to go offline when a differential plugin update is triggered. To prevent such an issue, Tenable has disabled plugin feed updates for these two agent versions. Additionally, Tenable has disabled the 10.8.0 and 10.8.1 versions to prevent further issues," Tenable says in the Nessus Agent 10.8.2 release notes.
Manual upgrades required to bring agents back online
Affected customers must upgrade to agent version 10.8.2 or downgrade to 10.7.3 to bring their Nessus agents back online, but a plugin reset is also required to recover offline agents if agent profiles are used for upgrades or downgrades.
"To fix the above issue, all Tenable Vulnerability Management and Tenable Security Center customers running Tenable Nessus Agent version 10.8.0 or 10.8.1 must either upgrade to agent version 10.8.2 or downgrade to 10.7.3. If you are using agent profiles for agent upgrades or downgrades, you must perform a separate plugin reset to recover any offline agents," the company added.
However, fixing the issue requires manually upgrading the agents using the Tenable Nessus Agent 10.8.2 install package and, where needed, first resetting agent plugins either using a script (shared in the release notes) or a nessuscli reset command.
In July 2024, a similar incident with a much more significant impact, triggered by a faulty CrowdStrike Falcon update, caused widespread outages that affected many organizations and services worldwide, including banks, airlines, airports, TV stations, and hospitals.
The CrowdStrike glitched update took down entire companies and fleets of hundreds of thousands of devices by crashing Windows systems worldwide with blue screen of death (BSOD) errors.
Comments
5u17yp3 - 2 weeks ago
Starting to see a common theme from product-based security companies related to a lack of sufficient testing for major deployments. Seems to be a result of timelines shrinking for output from development teams. Is this a result of pressure from competition or poor management/training? This is a trend that can't continue. Wondering what steps we will start to see these teams take to prevent similar blunders in the future.
Zurv - 2 weeks ago
What is kinda messed up is me learning about this here and NOT from tenable itself.
This is a show stopper problems. *sigh*
They know our email as they spam sale crap at me all the time.
Cthulhu709 - 1 week ago
It seems organizations, both Crowdstrike and Tenable, are learning the importance of a progressive rollout workflow.
For those wanting to avoid this in the future, use agent profiles, set a group of Canary devices you can afford to lose if an update causes issues, get your rollout approved, then push to one or more other 'general population groups'...
There's two spots to manage what version in the Tenable Manager, you want to use Profiles, not the higher level 'what stream should be delivered' tool.