Elastic Agent 7.17.25 and 8.15.4 Security Update (ESA-2024-39)

Elastic Agent Inclusion of Functionality from Untrusted Control Sphere (ESA-2024-39)

Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection.

An attacker requires local access and the ability to modify osqueryd configurations.

Affected Versions:
Elastic Agent <= 7.17.24 and Elastic Agent <= 8.15.3

Solutions and Mitigations:
The issue is resolved in version 7.17.25 and 8.15.4 or greater.

Severity: CVSSv3.1: 4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N}
CVE ID: CVE-2024-52976