New SSH Escalation Type for Checkpoint Gaia

In the spirit of Tenable's continued commitment to excellence, we are changing the way privilege escalation is specified for SSH credentials that target Checkpoint Gaia devices. When support for escalation to expert mode in Gaia scans was first introduced we reused the Cisco enable escalation credential. The difference in escalation commands causes Gaia scans to report failed escalation as device discovery tries different commands including escalated Cisco commands. This change will stop scans that target Gaia from trying Cisco escalation and will eliminate the spurious error reporting.

Impact

Existing scan policies with Cisco enable privilege escalation will still work with Gaia devices, but the invalid escalations will still be reported as escalation failures. To remove these messages customers will have to modify the SSH credentials for their Gaia targeting scan policies to use the new "Checkpoint Gaia 'expert'" escalation type instead.

Going forward the new SSH escalation type should be used for credentials targeting Checkpoint Gaia devices.

Changes

The new escalation type will be available for every SSH credential type that currently offers an escalation credential. This is what the new escalation type looks like:

Target Release Date

4 Oct 2021 - Nessus and Tenable.io

6 Dec 2021 - Tenable.sc