What you need is to define a superuser with elasticsearch-users CLI. Then use that newly created user to call ChangePassword API to change password for the elastic user.
As @warkolm mentioned, you could use elasticsearch-reset-password if you are on version 8.x, which basically automates the above process for you (it also deletes the newly created user after the password change is completed).