CVE-2024-52976

Summary

Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection.

An attacker requires local access and the ability to modify osqueryd configurations.

Affected Software

VendorProductVersion RangeStatus
ElasticElastic Agent7.0.0 <= 7.17.24affected
ElasticElastic Agent8.0.0 <= 8.15.3affected

Weaknesses

  • CWE-829: CWE-829 Inclusion of Functionality from Untrusted Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References