Bad Tenable plugin updates take down Nessus agents worldwide

Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates.

As the cybersecurity company acknowledged in an incident report issued after pausing plugin updates to prevent the issue from impacting even more systems, the agents went offline “for certain users on all sites.”

This ongoing incident affects systems updated to Nessus Agent versions 10.8.0 and 10.8.1 across the Americas, Europe, and Asia. Tenable has since pulled the bad versions and released Nessus Agent version 10.8.2 to fix the issue causing agents to shut down.

In the most recent update on their status page, Tenable said they plan to resume the plugin feed by the end of the day to allow plugin downloads again.

“There is a known issue which can cause Tenable Nessus Agent 10.8.0 and 10.8.1 to go offline when a differential plugin update is triggered. To prevent such an issue, Tenable has disabled plugin feed updates for these two agent versions. Additionally, Tenable has disabled the 10.8.0 and 10.8.1 versions to prevent further issues,” Tenable says in the Nessus Agent 10.8.2 release notes.

Manual upgrades required to bring agents back online

Affected customers must upgrade to agent version 10.8.2 or downgrade to 10.7.3 to bring their Nessus agents back online, but a plugin reset is also required to recover offline agents if agent profiles are used for upgrades or downgrades.

“To fix the above issue, all Tenable Vulnerability Management and Tenable Security Center customers running Tenable Nessus Agent version 10.8.0 or 10.8.1 must either upgrade to agent version 10.8.2 or downgrade to 10.7.3. If you are using agent profiles for agent upgrades or downgrades, you must perform a separate plugin reset to recover any offline agents,” the company added.

However, fixing the issue requires manually upgrading the agents using the Tenable Nessus Agent 10.8.2 install package and, where needed, first resetting agent plugins either using a script (shared in the release notes) or a nessuscli reset command.

In July 2024, a similar incident with a much more significant impact, triggered by a faulty CrowdStrike Falcon update, caused widespread outages that affected many organizations and services worldwide, including banks, airlines, airports, TV stations, and hospitals.

The CrowdStrike glitched update took down entire companies and fleets of hundreds of thousands of devices by crashing Windows systems worldwide with blue screen of death (BSOD) errors.