Nessus 8.14.0 Release Notes - 2021-04-05

New Features

The following are the new features included in Nessus 8.14.0:

CVSSv2 and CVSSv3 Support: Configurable Severity Base

  • You can choose whether Nessus calculates the severity of vulnerabilities using CVSSv2 or CVSSv3 scores by configuring your default severity base setting. When you change the default severity base, the change applies to all existing scans that are configured with the default severity base. Future scans also use the default severity base. For more information, see Configure Your Default Severity Base in the Nessus User Guide.

  • You can also configure individual scans to use a particular severity base, which overrides the default severity base for those scan results. For more information, see Configure Severity Base for an Individual Scan in the Nessus User Guide.

  • By default, new installations of Nessus 8.14 or later use CVSSv3 scores (when available) to calculate severity for vulnerabilities. Installations upgraded from versions earlier than 8.14 retain the previous default of CVSSv2 scores.

VPR Support for Nessus

  • Vulnerability Priority Rating (VPR), the output of Tenable Predictive Prioritization, is a dynamic companion to the data provided by the vulnerability's CVSS score, since Tenable updates the VPR to reflect the current threat landscape. VPR helps organizations improve their remediation efficiency and effectiveness by rating vulnerabilities based on severity level – Critical, High, Medium and Low. For more information, see CVSS Scores vs. VPR in the Nessus User Guide.

  • You can now view a new tab for scan results, Top Threats by VPR, which displays the 10 most severe vulnerabilities as determined by their VPR score. For more information, see View VPR Top Threats in the Nessus User Guide.

  • VPR is a dynamic score that changes over time to reflect the current threat landscape. However, VPR Top Threats reflect the VPR score for the vulnerability at the time the scan was run. To get updated VPR scores for vulnerabilities in a scan, re-run the scan.

  • To ensure VPR data is available for your scans, enable plugin updates.

Top 10 Vulnerabilities Report

  • Customers can leverage Nessus Professional reporting capabilities to quickly understand and easily communicate the Top 10 vulnerabilities found in a scan. This helps to identify what vulnerabilities need to be remediated first and eliminates additional work of exporting and manually sending out this information. The report includes:

    • Top 10 Critical Vulnerabilities based on VPR and CVSSv2 or CVSSv3 for that scan.

    • Top 10 High Vulnerabilities based on VPR and CVSSv2 or CVSSv3 for that scan.

    • Most Prevalent Plugins by Number of Hosts by VPR and CVSSv2 or CVSSv3 for that scan.

    For more information, see the Nessus Top 10 Vulnerabilities report details.

Apple M1 Chip Support

  • Nessus can now run as a native application on the Apple M1 chip, without needing compatibility mode.

New Plugin Release Notes

  • Tenable releases Nessus plugins multiple times a day. You can access a list of recently updated plugins directly from Nessus.

Changed Functionality and Performance Enhancements

The following additional enhancements are included in Nessus 8.14.0:

  • The Nessus user interface was updated to use more inclusive language.

  • Nessus backups now include concatenated certificate container .pem files.

Security Updates

Bug Fixes

Bug Fix | Defect ID | Applies to
Fixed an issue with Nessus agent clustering where not all agent results were shown correctly in the UI when under heavy load, due to DB lock and network connection issues. | 01171932, 01154655, 01151990, 01127708 | Nessus Manager
Fixed an issue where group settings would not get honored when linking agents to a clustered Nessus Manager. | 01146420, 01128804 | Nessus Manager
Fixed an issue where agent scans could get aborted if the node it was linked to performed a plugin update while the scan was active. | 01110648, 01130429, 01139329 | Nessus Manager
Fixed an issue that, in very rare cases, could cause Nessus to crash on the first day of each month when attempting to run scheduled scans. | 00947418 | All Nessus versions
Corrected the URL displayed for offline Nessus activation to use HTTPS instead of HTTP. | 01157224 | Nessus Professional, Managed Scanners
Added UI support for specifying an IPv6 address when configuring a proxy server to link a managed scanner. | 01121193 | Managed scanners
Corrected the online API documentation for the /api#/resources/scans/configure to note that the "name" field is required. | 01124234 | All Nessus instances

Upgrade Notes

  • You can upgrade to the latest version of Nessus from any previously supported version.
  • If your upgrade path skips versions of Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • Tenable.io-linked scanners receive the latest software update starting one week after the Nessus general availability (GA) date.

    • If you want your scanners to automatically update to the newest version prior to that date, set your Nessus Update Plan to Opt in to Early Access releases.
    • If you want to manually update your scanners to the latest version prior to that date, disable automatic updates so the scanner does not automatically downgrade to the previous version.
  • For Nessus 8.8.0 and later running on Windows, you must install Visual C++ Redistributable for Visual Studio 2015 on the host operating system. The following Windows versions require a minimum Service Pack to be installed:

    • Windows 7 SP1
    • Windows Server 2008 SP2
    • Windows Server 2008 R2 SP1