Elastic Defend EDR zero-day claims refuted

BleepingComputer reports that Elastic has repudiated AshES Cybersecurity's blog post alleging a zero-day remote code execution flaw within its Defend endpoint detection and response solution.

AshES Cybersecurity claimed that the kernel driver in Elastic Defend is affected by a NULL pointer dereference bug that could be exploited for EDR monitoring evasion, RCE, and persistence, but Elastic has not been able to reproduce the issue. "Elastic Security Engineering and our bug bounty triage team completed a thorough analysis trying to reproduce these reports and were unable to do so. Researchers are required to share reproducible proof-of-concepts; however, they declined," said Elastic. Although it rejected the findings of AshES Cybersecurity, which confirmed that it had not delivered the PoC to the enterprise search and security firm, Elastic emphasized its commitment to addressing security reports. The company has already paid over $600,000 in bounties to researchers who have discovered vulnerabilities across its offerings since 2017.
