Tenable, a leading cybersecurity company, has acknowledged a widespread issue that rendered its Nessus vulnerability scanner agents offline. The incident, which began on December 31, 2024, was caused by buggy differential plugin updates. Affected customers must now take manual steps to bring their systems back online.
What Went Wrong with Nessus Agents?
The problem arose after plugin updates were applied to Nessus Agent versions 10.8.0 and 10.8.1. As per Tenable’s incident report, the updates disrupted agents for “certain users on all sites,” leading to a global outage that affected systems in the Americas, Europe, and Asia. In response, Tenable paused plugin updates to prevent the issue from spreading further.
Tenable has since released Nessus Agent version 10.8.2 to address the problem, pulling the flawed versions from circulation. The company announced plans to resume plugin feed updates by the end of the day, ensuring that future updates can be downloaded without triggering new issues.
Manual Upgrades: A Necessary Step for Recovery
While the new agent version fixes the problem, recovering affected systems requires manual intervention. Customers must either:
- Upgrade their agents to version 10.8.2.
- Downgrade to the older, stable version 10.7.3.
However, for those using agent profiles for upgrades or downgrades, the recovery process also includes a plugin reset. This step is crucial to bringing the offline agents back into operation.
Tenable provided detailed instructions for users, including:
- Downloading and installing the Nessus Agent 10.8.2 package.
- Resetting plugins using a shared script or the
nessuscli reset
command.
The process may be cumbersome, but it’s the only solution to restore functionality.
Broader Implications for Cybersecurity
This isn’t the first time a software update has caused chaos on a global scale. In July 2024, a faulty CrowdStrike Falcon update triggered blue screen of death (BSOD) errors across hundreds of thousands of Windows systems worldwide. The incident brought down banks, airlines, hospitals, and other critical infrastructures.
While the Tenable issue hasn’t reached the same level of disruption, it highlights a persistent challenge in the cybersecurity industry: balancing rapid deployment with rigorous testing. Faulty updates can jeopardize not just individual systems but entire networks and services.
To manage this incident effectively, Tenable has advised users to take the following steps:
- Upgrade Agents: Move to Nessus Agent version 10.8.2 to prevent further disruptions.
- Downgrade if Necessary: For those unable to upgrade, version 10.7.3 remains a stable fallback.
- Reset Plugins: Perform a plugin reset if agent profiles are used.
Here’s a quick checklist for affected organizations:
- Ensure access to the necessary installation packages.
- Verify agent versions and take appropriate upgrade or downgrade actions.
- Reset plugins manually using Tenable’s provided tools.
This recovery process, while inconvenient, is critical for regaining operational functionality.
Tenable’s swift response—pulling the faulty updates and providing a fixed version—has helped limit the damage. However, this incident underscores the need for robust quality control in software updates, especially for tools as critical as vulnerability scanners.