Elastic Agent 7.17.25 and 8.15.4 Security Update (ESA-2024-39)

ismisepaul · May 1, 2025, 10:11am

Elastic Agent Inclusion of Functionality from Untrusted Control Sphere (ESA-2024-39)

Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection.

An attacker requires local access and the ability to modify osqueryd configurations.

Affected Versions:
Elastic Agent <= 7.17.24 and Elastic Agent <= 8.15.3

Solutions and Mitigations:
The issue is resolved in version 7.17.25 and 8.15.4 or greater.

Severity: CVSSv3.1: 4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N}
CVE ID: CVE-2024-52976

Topic		Replies	Views
Elastic Stack 7.4.0 security update Security Announcements	1	15142	November 4, 2022
Elastic Cloud Enterprise 1.0.2 security update Security Announcements	1	12615	November 4, 2022
Windows 2019: elastic-agent and endpoint security SIEM elastic-agent	1	479	December 15, 2020
Elastic Cloud Enterprise 1.1.4 security update Security Announcements	1	12662	November 4, 2022
Elastic Agent ECK 7.17.0 Work Around doesn't Work Correctly Elastic Cloud on Kubernetes (ECK) docker	6	1094	March 14, 2022

Elastic Agent 7.17.25 and 8.15.4 Security Update (ESA-2024-39)

Related topics