Tenable Addresses Critical Nessus Scanner Outage: Manual Upgrades Required

Cybersecurity leader Tenable has announced that customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st. This incident stems from buggy differential plugin updates affecting systems worldwide.

The Cause and Impact of the Outage

Tenable issued an incident report after pausing plugin updates to prevent further disruptions. According to the report, the agents went offline “for certain users on all sites” across the Americas, Europe, and Asia.

This issue affects systems updated to Nessus Agent versions 10.8.0 and 10.8.1. Tenable quickly pulled these versions and released Nessus Agent version 10.8.2 to resolve the problem.

Steps to Recover Offline Agents

Affected customers must upgrade to agent version 10.8.2 or downgrade to 10.7.3 to bring their Nessus agents back online. However, a plugin reset is also necessary to recover agents if using agent profiles for upgrades or downgrades.

Tenable advises all Tenable Vulnerability Management and Security Center customers running Nessus Agent version 10.8.0 or 10.8.1 to either upgrade to agent version 10.8.2 or downgrade to 10.7.3. If using agent profiles, perform a separate plugin reset.

The manual upgrade process requires users to use the Tenable Nessus Agent 10.8.2 install package. Additionally, reset agent plugins using a script included in the release notes or a nessuscli reset command.

Preventive Measures and Best Practices

To prevent similar issues in the future, Tenable has disabled plugin feed updates and versions 10.8.0 and 10.8.1. The company plans to resume plugin feed updates by the end of the day, allowing further plugin downloads.

“There is a known issue which can cause Tenable Nessus Agent 10.8.0 and 10.8.1 to go offline when a differential plugin update is triggered,” Tenable states in the Nessus Agent 10.8.2 release notes. “To prevent such an issue, Tenable has disabled plugin feed updates for these two agent versions. Additionally, Tenable has disabled the 10.8.0 and 10.8.1 versions to prevent further issues.”

Historical Context: A Cautionary Tale

In July 2024, a similarly severe incident occurred with CrowdStrike Falcon, causing widespread outages affecting various organizations. This faulty update triggered blue screen of death (BSOD) errors on Windows systems worldwide, affecting banks, airlines, airports, TV stations, and hospitals.

The CrowdStrike glitch not only took down entire companies but also impacted fleets of devices, emphasizing the critical importance of careful software updates and immediate response measures by cybersecurity vendors.

Conclusion: Acting Quickly to Regain Control

The recent Tenable Nessus scanner outage highlights the vulnerabilities inherent in complex software ecosystems and the critical need for timely updates and user intervention. By understanding the steps required to recover offline agents and implementing best practices for future updates, organizations can minimize downtime and ensure robust cybersecurity.

With the manual upgrade process now in place, customers are encouraged to act swiftly to restore their Nessus agents and avoid further disruptions.

Stay informed about the latest cybersecurity updates and best practices. Subscribe to our newsletter or follow us on social media to get the latest news and insights.

We welcome your feedback and insights. Leave a comment below to join the conversation.

Share this article on your social media platforms to help others stay informed about this critical issue.

Thank you for reading. Stay safe and secure online.