@warkolm This is the default ES version provided with Open Edx. It's installed by Ansible tasks. I'll ask on Edx's mailbox if there's any special reason why they are still using this old version and if updating ES won't mess up something in Edx.
Thank you @magnusbaeck for pointing me to this security breach; I didn't notice it. I am not running any script on my ES cluster and don't intend to use this functionality later. Fortunately, my cluster is not installed on a production server.
I will take a look at the documentation links provided by @mainec in order to secure it.
Thanks guys for your time and help. I will keep you updated.