CVE-2024-52976

Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection. An attacker requires local access and the ability to modify osqueryd configurations.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://discuss.elastic.co/t/elastic-agent-7-17-25-and-8-15-4-security-update-esa-2024-39/377708	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:elastic:elastic_agent::::::::
	cpe:2.3:a:elastic:elastic_agent::::::::

History

01 Oct 2025, 19:28

Type	Values Removed	Values Added
References	~~() https://discuss.elastic.co/t/elastic-agent-7-17-25-and-8-15-4-security-update-esa-2024-39/377708 -~~	() https://discuss.elastic.co/t/elastic-agent-7-17-25-and-8-15-4-security-update-esa-2024-39/377708 - Patch, Vendor Advisory
CPE		cpe:2.3:a:elastic:elastic_agent::::::::
First Time		Elastic Elastic elastic Agent

02 May 2025, 13:53

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-01 14:15

Updated : 2025-10-01 19:28

NVD link : CVE-2024-52976

Mitre link : CVE-2024-52976

CVE.ORG link : CVE-2024-52976

JSON object : View

Products Affected

elastic

elastic_agent

CWE

CWE-829

Inclusion of Functionality from Untrusted Control Sphere

{"id": "CVE-2024-52976", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "bressers@elastic.co", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-05-01T14:15:35.527", "references": [{"url": "https://discuss.elastic.co/t/elastic-agent-7-17-25-and-8-15-4-security-update-esa-2024-39/377708", "tags": ["Patch", "Vendor Advisory"], "source": "bressers@elastic.co"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-829"}]}], "descriptions": [{"lang": "en", "value": "Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection.\n\nAn attacker requires local access and the ability to modify osqueryd configurations."}, {"lang": "es", "value": "La inclusi\u00f3n de funcionalidad de una esfera de control no confiable en el subproceso de Elastic Agent, osqueryd, permite a atacantes locales ejecutar c\u00f3digo arbitrario mediante la inyecci\u00f3n de par\u00e1metros. Un atacante requiere acceso local y la capacidad de modificar las configuraciones de osqueryd."}], "lastModified": "2025-10-01T19:28:58.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF52922C-61CF-4F69-B54F-992FD94FCD2B", "versionEndExcluding": "7.17.25"}, {"criteria": "cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19F05BEC-1DFF-4ADE-A82C-665B96AA79B5", "versionEndExcluding": "8.15.4", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}