Upgrade Wazuh components and agent

tk3

Wazuh agent version 4.4 has vulnerability CVE-2023-42463 and we need to use newer version of Wazuh Agent 4.5.3 or later.

When upgrading Wazuh the manager version must always be newer than or equal to the Wazuh agents versions
https://documentation.wazuh.com/current/upgrade-guide/compatibility-matrix/index.html

How to upgrade Wazuh components and agent?

SzymonC

Hi,
Latest version of integrated Wazuh component is still 4.4.4. We are aware of this vulnerability and we're working on integrating upgraded version of Wazuh component.
In theory you could update Wazuh components to version 4.5.x manually, but there's no guarantee that they will work with ELS without issues. If you have option and environment to test it, you may, but I'd still recommend to wait for tested and upgraded version of ELS.
Luckily workaround seems to be working, so there is an option to mitigate this.

Workarounds

Disable <log_format>multiline</log_format> or replace that with <log_format>multiline_regex</log_format>.

SzymonC

On the other hand, I've double checked with Dev and on our demo environment and it seems that 4.5.4 agent is working fine with 4.4.4 manager. Feel free to check that, but here's the screen from our demo with 4.4.4 manager: