Vulnerability Details CVE-2024-52976
Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection.
An attacker requires local access and the ability to modify osqueryd configurations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.6%
CVSS Severity
CVSS v3 Score 4.4
References
Products affected by CVE-2024-52976
-
cpe:2.3:a:elastic:elastic_agent:*
-
cpe:2.3:a:elastic:elastic_agent:8.0.0
-
cpe:2.3:a:elastic:elastic_agent:8.15.0
-
cpe:2.3:a:elastic:elastic_agent:8.6.0
-
cpe:2.3:a:elastic:elastic_agent:8.9.2