Potential exposure to XZ Utils SSH Backdoor (CVE-2024-3094)

critical Nessus Plugin ID 192708

Version 1.61

Nov 22, 2024, 6:54 PM

  • Logic Changes (Fixed installation reporting)

Plugin Feed: 202411221854

Version 1.60

Nov 12, 2024, 8:29 PM

  • Logic Changes (Adding installs report)

Plugin Feed: 202411122029

Version 1.58

Nov 7, 2024, 8:25 PM

  • Logic Changes

Plugin Feed: 202411072025

Version 1.57

Nov 6, 2024, 2:41 PM

  • Detection (adding support for Forescout CounterACT)

Plugin Feed: 202411061441

Version 1.56

Oct 30, 2024, 4:21 PM

  • Detection (Process file exclusion wildcards in a consistent way across find, locate, etc.)

Plugin Feed: 202410301621

Version 1.55

Oct 29, 2024, 8:44 PM

  • Logic Changes (Extend structured reporting to vcf_extras)

Plugin Feed: 202410292044

Version 1.53

Oct 23, 2024, 3:47 PM

  • Plugin metadata (update thorough_tests attribute)

Plugin Feed: 202410231547

Version 1.49

Oct 10, 2024, 11:57 PM

  • New

Plugin Feed: 202410102357

Version 1.48

Oct 10, 2024, 4:58 AM

  • Detection (Change dir to $HOME before find commands to handle weird find behavior with escalation.)

Plugin Feed: 202410100458

Version 1.47

Oct 9, 2024, 5:56 PM

  • Logic Changes (Corrects vulnerability-finding structured data tags to include the port.)

Plugin Feed: 202410091756

Version 1.43

Oct 3, 2024, 6:29 PM

  • Detection (Adding hardware constraint support to VCF and UCF)

Plugin Feed: 202410031829

Version 1.42

Oct 2, 2024, 4:10 PM

  • Logic Changes (Adds structured data reports to a subset of manual plugins.)

Plugin Feed: 202410021610

Version 1.41

Sep 26, 2024, 4:34 PM

  • Detection (adding package association overrides)

Plugin Feed: 202409261634

Version 1.40

Sep 25, 2024, 3:12 PM

  • Detection (Adding support for user-supplied timeout value for the find command.)

Plugin Feed: 202409251512

Version 1.37

Sep 11, 2024, 5:35 PM

  • New (Detects QUIC servers running on the target. Implement a NASL QUIC library to support detection of HTTP/3 and possibly more)

Plugin Feed: 202409111735

Version 1.36

Sep 10, 2024, 4:59 PM

  • New

Plugin Feed: 202409101659

Version 1.35

Sep 3, 2024, 11:47 PM

  • Logic Changes (additional data collection for runtime scanning. fixed logic bug causing potential false negatives. fixed logic bug causing potential false positives. fixed logic bug with potential to break cyberark logins)

Plugin Feed: 202409032347

Version 1.33

Sep 3, 2024, 5:26 PM

  • Detection (Support for Aruba CPPM SSH based local checks)

Plugin Feed: 202409031726

Version 1.32

Aug 14, 2024, 8:33 PM

  • Logic Changes (Endianness fix in Kerberos authentication for SCAP scanning)

Plugin Feed: 202408142033

Version 1.31

Aug 14, 2024, 2:40 AM

  • New
  • Plugin requirements (Trusted)

Plugin Feed: 202408140240

Version 1.29

Aug 8, 2024, 4:43 PM

  • Logic Changes (Support OpenSSH private key formats for authentication.)

Plugin Feed: 202408081643

Version 1.25

Jul 24, 2024, 6:31 PM

  • Logic Changes (Modernize SSH usage to optimize behavior on Nessus Agents.. adding AI family)

Plugin Feed: 202407241831

Version 1.24

Jul 23, 2024, 9:24 PM

  • New

Plugin Feed: 202407232124

Version 1.22

Jul 17, 2024, 11:02 PM

  • Logic Changes

Plugin Feed: 202407172302

Version 1.21

Jul 6, 2024, 12:22 AM

  • Detection (Changes to support Juniper Session Smart Router)

Plugin Feed: 202407060022

Version 1.20

Jul 5, 2024, 9:04 PM

  • Detection (Adding detection of Juniper SSR devices)

Plugin Feed: 202407052104

Version 1.19

Jun 27, 2024, 9:09 PM

  • New (Deploy nessus_utils binaries on the Nessus Agent)

Plugin Feed: 202406272109

Version 1.16

Jun 21, 2024, 6:31 PM

  • Detection (updated detection for SonicOS devices)

Plugin Feed: 202406211831

Version 1.15

Jun 21, 2024, 2:16 PM

  • Logic Changes

Plugin Feed: 202406211416

Version 1.14

Jun 14, 2024, 7:07 PM

  • Logic Changes (added additional check for command failures.)

Plugin Feed: 202406141907

Version 1.12

Jun 7, 2024, 12:28 PM

  • STIG Severity
  • IAVM reference

Plugin Feed: 202406071228

Version 1.10

May 20, 2024, 10:13 AM

  • Logic Changes

Plugin Feed: 202405201013

Version 1.9

May 9, 2024, 6:10 PM

  • New

Plugin Feed: 202405091810

Version 1.6

Apr 3, 2024, 1:48 PM

  • Exploit attributes ("Exploited by malware" set to "True")
  • CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C")

Plugin Feed: 202404031348

Version 1.5

Apr 2, 2024, 10:16 PM

  • Detection (added alternative commands for IOC detection)

Plugin Feed: 202404022216

Version 1.3

Apr 1, 2024, 3:13 PM

  • Exploit attributes ("Exploit available" set to "True". "Exploitability ease" set to "Exploits are available")
  • CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C")

Plugin Feed: 202404011513

Version 1.2

Mar 31, 2024, 9:46 PM

  • Detection (tightening of the check for return conditions from the hexdump command)

Plugin Feed: 202403312146

Version 1.1

Mar 30, 2024, 4:20 PM

  • New

Plugin Feed: 202403301620

Version 1.0

Mar 30, 2024, 1:01 AM

  • New

Plugin Feed: 202403300101

* Changelogs are generally available for changes made after Nov 1, 2022