Multiple ACAS Output Data Fields Missing/Unknown

[zeb12234]

Prerequisites

Before submitting a new request, please ensure you have completed the following (replace the space in the box with an "x" to denote that it has been completed)

• I have ensured that I am running the latest release
• The request has not already been reported

Description

Using .nessus files created with scanner version 8.5.1, the Vulnerator output contains the following issues.
• All zeros in the CAT I/II/III fields in the ACAS Asset Insight table (Asset Overview tab).
• Raw Severity Value for all findings is "Unknown" in the POA&M tab and RAR tab.
• Description section in Control Vulnerability Description column (POA&M tab) is empty.
• Threat Description, and Impact Description columns are all empty (RAR tab).
• Impact section shows "unknown" for all items (RAR tab)

System Information

-OS: Windows 10
-Version 6.1.9

Additional Context

Add any other context about the problem here, if applicable.

Attachments

Please provide any relevant attachments, as you see fit (e.g. screenshots); if supplying vulnerability data (e.g. CKL/Nessus files or reports), please ensure that they are sanitized of IP addresses and host names and email them to alex.kuchta@navy.mil - DO NOT POST VULNERABILITY FILES HERE

• Vulnerator Log (required for bugs) - this can be found at C:\Users\%UserName%\AppData\Roaming\Vulnerator\V6Log.txt, where %UserName% is the user profile used to run the application
• Screenshots (optional, SANITIZED/REDACTED)
• Vulnerability Files (optional, SANITIZED AND EMAILED)

[Mr-Mike]

I have the exact same problem after upgrading to Nessus software version 8.5.1, but the issue is not caused by Vulnerator.

Look at all the "Severity="0" entries in the .nessus XML file (ref: https://static.tenable.com/documentation/nessus_v2_file_format.pdf). The DVLs and scan results in SecurityCenter report correct severity, but there is something wrong with the exported .nessus file itself.

I can export a .nessus file that was a result of earlier released versions of Nessus software and Vulnerator parses it correctly, but .nessus files exported from SecurityCenter that ran on Nessus software 8.5.1 are missing the data as listed in the bug report.

It might also be an issue the SecurityCenter requires an upgrade to work with Nessus version 8.5.1.

This Bug has been posted on Tenable BLOG.

[zeb12234]

I have the exact same problem after upgrading to Nessus software version 8.5.1, but the issue is not caused by Vulnerator.

Look at all the "Severity="0" entries in the .nessus XML file (ref: https://static.tenable.com/documentation/nessus_v2_file_format.pdf). The DVLs and scan results in SecurityCenter report correct severity, but there is something wrong with the exported .nessus file itself.

I can export a .nessus file that was a result of earlier released versions of Nessus software and Vulnerator parses it correctly, but .nessus files exported from SecurityCenter that ran on Nessus software 8.5.1 are missing the data as listed in the bug report.

It might also be an issue the SecurityCenter requires an upgrade to work with Nessus version 8.5.1.

This Bug has been posted on Tenable BLOG.

Good find. Do you have a link to the bug report?

[amkuchta]

@zeb12234 @Mr-Mike thank you for the information! I am going to label this as "Not Vulnerator" for now, given the report by @Mr-Mike. In the meantime, I will take a look at the file format from 8.5.1 to make sure that there is no action on my part.

[Mr-Mike]

Nessus 8.5.1 .Nessus Severity Bug

https://community.tenable.com/s/question/0D5f200006X3CVQCA3/nessus-851-nessus-severity-bug

[Mr-Mike]

Try this fix, it might be related to our issue: Nessus Scanners returning with blank results after recent Plugins update

https://community.tenable.com/s/article/Nessus-Scanners-returning-with-blank-results-after-recent-Plugins-update

I need to wait until SC plugins are updated tomorrow, before I can verify if my issue is fixed.

[Mr-Mike]

Validated this is not a Vulnerator issue.

Upgraded to Nessus 8.5.2, updated plugins, then repaired plugins (nessusd -R).

Ran scans directly off Nessus software, then downloaded .nessus file. This file (when processed by Vulnerator) correctly shows severity, severity counts, and description.

Ran same scan using SecurityCenter, downloaded .nessus file. This file (when processed by Vulnerator) is missing severity, severity counts, and description data.

Manually compared .nessus (XML) files. Several data fields are missing in the SecurityCenter .nessus file. However vulnerability data views correctly directly in SecurityCenter, and DVL files are not affected.

We are using an older version of SecurityCenter. Per release notes (https://docs.tenable.com/releasenotes/tenablesc/tenablesc5101.htm), Tenable.sc 5.10.1 is the first version tested with Nessus 8.5.1 (and later).

[amkuchta]

@Mr-Mike thank you for the due diligence! I am going to go ahead and mark this as closed!