Elastic Agent 7.17.25 and 8.15.4 Security Update (ESA-2024-39)

ismisepaul · May 1, 2025, 10:11am

Elastic Agent Inclusion of Functionality from Untrusted Control Sphere (ESA-2024-39)

Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection.

An attacker requires local access and the ability to modify osqueryd configurations.

Affected Versions:
Elastic Agent <= 7.17.24 and Elastic Agent <= 8.15.3

Solutions and Mitigations:
The issue is resolved in version 7.17.25 and 8.15.4 or greater.

Severity: CVSSv3.1: 4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N}
CVE ID: CVE-2024-52976

Topic	Replies	Views
Elastic Agent / Elastic Endpoint Security Security Update (ESA-2025-03) Security Announcements	1000	May 1, 2025
Elasticsearch 7.17.25 and 8.16.0 Security Update (ESA-2024-40) Security Announcements	2439	May 1, 2025
Elastic Agent 8.15.0 Security Update (ESA-2024-23) Security Announcements	1426	August 8, 2024
Elasticsearch 8.13.0 / 7.17.19 Security Update (ESA-2024-06) Security Announcements	10543	March 27, 2024
Elastic 7.17.9, 8.5.0 and 8.6.1 Security Update Security Announcements	15263	February 3, 2023

Elastic Agent 7.17.25 and 8.15.4 Security Update (ESA-2024-39)

Related topics