CVE-2024-52976Inclusion of Functionality from Untrusted Control Sphere in Agent

CWE-829Inclusion of Functionality from Untrusted Control Sphere3 documents3 sources
Severity
7.8HIGHNVD
CNA4.4
EPSS
0.1%
top 81.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Agent
Timeline
PublishedMay 1

Description

Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection. An attacker requires local access and the ability to modify osqueryd configurations.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDelastic/elastic_agent8.0.08.15.4+1
CVEListV5elastic/elastic_agent7.0.07.17.24+1

Patches

Patch: discuss.elastic.co

🔴Vulnerability Details

2
GHSA
GHSA-4xp6-cpfv-9qq6: Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code vi2025-05-01
CVEList
Elastic Agent Inclusion of Functionality from Untrusted Control Sphere2025-05-01
CVE-2024-52976 — Elastic Agent vulnerability | cvebase