CVE-2024-52976

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

I

nclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection. An attacker requires local access and the ability to modify osqueryd configurations.

References

Link	Resource
https://discuss.elastic.co/t/elastic-agent-7-17-25-and-8-15-4-security-update-esa-2024-39/377708	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:elastic:elastic_agent::::::::
	cpe:2.3:a:elastic:elastic_agent::::::::

History

01 Oct 2025, 19:28

Type	Values Removed	Values Added
CPE		cpe:2.3:a:elastic:elastic_agent::::::::
Summary		(es) La inclusión de funcionalidad de una esfera de control no confiable en el subproceso de Elastic Agent, osqueryd, permite a atacantes locales ejecutar código arbitrario mediante la inyección de parámetros. Un atacante requiere acceso local y la capacidad de modificar las configuraciones de osqueryd.
First Time		Elastic Elastic elastic Agent
References	~~() https://discuss.elastic.co/t/elastic-agent-7-17-25-and-8-15-4-security-update-esa-2024-39/377708 -~~	() https://discuss.elastic.co/t/elastic-agent-7-17-25-and-8-15-4-security-update-esa-2024-39/377708 - Patch, Vendor Advisory

01 May 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-01 14:15

Updated : 2025-10-01 19:28

NVD link : CVE-2024-52976

Mitre link : CVE-2024-52976

CVE.ORG link : CVE-2024-52976

JSON object : View

Products Affected

elastic_agent

CWE

CWE-829

Inclusion of Functionality from Untrusted Control Sphere

{"id": "CVE-2024-52976", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-05-01T14:15:35.527", "references": [{"url": "https://discuss.elastic.co/t/elastic-agent-7-17-25-and-8-15-4-security-update-esa-2024-39/377708", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-829"}]}], "descriptions": [{"lang": "en", "value": "Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection.\n\nAn attacker requires local access and the ability to modify osqueryd configurations."}, {"lang": "es", "value": "La inclusi\u00f3n de funcionalidad de una esfera de control no confiable en el subproceso de Elastic Agent, osqueryd, permite a atacantes locales ejecutar c\u00f3digo arbitrario mediante la inyecci\u00f3n de par\u00e1metros. Un atacante requiere acceso local y la capacidad de modificar las configuraciones de osqueryd."}], "lastModified": "2025-10-01T19:28:58.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF52922C-61CF-4F69-B54F-992FD94FCD2B", "versionEndExcluding": "7.17.25"}, {"criteria": "cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19F05BEC-1DFF-4ADE-A82C-665B96AA79B5", "versionEndExcluding": "8.15.4", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}