Privilege Escalation in Citrix Session Recording
Key Information
- Vendor: Citrix
- Product: Citrix Session Recording
- CVE Published: 12 November 2024
Summary
Security researchers have disclosed two vulnerabilities in the Session Recording component of Citrix Virtual Apps and Desktops: CVE-2024-8068, a privilege escalation to the NetworkService account, and CVE-2024-8069, a limited remote code execution (RCE) with the privileges of that account. Proof-of-concept (PoC) exploitation attempts have been observed in the wild. Both issues stem from Citrix's use of the .NET BinaryFormatter to deserialize untrusted input; because BinaryFormatter instantiates whatever types a payload names, a crafted message can drive existing gadget classes into executing attacker-controlled logic. Citrix states that exploitation requires an authenticated user in the same Windows Active Directory domain as the Session Recording server, although the researchers have warned that unauthenticated exploitation may also be possible. Citrix has released patches and urges customers to install them as soon as possible. Security teams should prioritize patching, review logs on Session Recording servers for signs of exploitation attempts, and consider additional network segmentation so that the Session Recording server is reachable only from the hosts that need it.
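The following C# example is added here to illustrate the root cause described above; it is not Citrix code and does not reproduce the affected Session Recording endpoint. The `RecordingMessage` type, the `Unsafe` and `Hardened` classes and the `AllowListBinder` are hypothetical names chosen for the illustration. It shows the vulnerable BinaryFormatter pattern beside a data-only replacement that never honours type information from the payload.

```csharp
// Added illustration of the BinaryFormatter deserialization flaw class; not Citrix code.
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;
using System.Text.Json;

// Hypothetical message type; stands in for whatever a recording service exchanges.
[Serializable]
public class RecordingMessage
{
    public string SessionId { get; set; }
    public int Sequence { get; set; }
}

public static class Unsafe
{
    // Vulnerable pattern: BinaryFormatter constructs whatever types the payload
    // names, so an attacker who can deliver bytes to this call chooses which
    // classes are instantiated. Known gadget chains turn that into code execution
    // in the process's security context (for a service, e.g. NetworkService).
    public static RecordingMessage Deserialize(byte[] data)
    {
        var formatter = new BinaryFormatter(); // SYSLIB0011: obsolete and unsafe
        using var ms = new MemoryStream(data);
        return (RecordingMessage)formatter.Deserialize(ms);
    }
}

public static class Hardened
{
    // Replacement: a data-only serializer. System.Text.Json never instantiates
    // types from the payload, only the type the caller asked for, so there is
    // no gadget surface. Validate fields after parsing.
    public static RecordingMessage Deserialize(byte[] data)
    {
        var msg = JsonSerializer.Deserialize<RecordingMessage>(data)
                  ?? throw new InvalidDataException("empty message");
        if (string.IsNullOrEmpty(msg.SessionId) || msg.Sequence < 0)
            throw new InvalidDataException("invalid message fields");
        return msg;
    }
}

// Stopgap only: if BinaryFormatter cannot be removed immediately, a binder that
// rejects every type except the expected one blocks the public gadget chains.
// Microsoft does not consider binders a sufficient fix; remove BinaryFormatter.
public sealed class AllowListBinder : SerializationBinder
{
    public override Type BindToType(string assemblyName, string typeName)
    {
        if (typeName == typeof(RecordingMessage).FullName)
            return typeof(RecordingMessage);
        throw new SerializationException($"Type not allowed: {typeName}");
    }

    // Usage: formatter.Binder = new AllowListBinder(); before Deserialize().
}
```

The practical check for a .NET code base is to search for `BinaryFormatter`, `NetDataContractSerializer`, `SoapFormatter` and `LosFormatter` on any path that reads bytes from a socket, queue or HTTP request; each occurrence is the same bug class regardless of the surrounding product.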
Affected Version(s)
Citrix Session Recording Current Release before 24.5.200.8
Citrix Session Recording 1912 LTSR before the fixed cumulative update hotfix (see the Citrix advisory for the exact build)
Citrix Session Recording 2203 LTSR before the fixed cumulative update hotfix (see the Citrix advisory for the exact build)
Timeline
- Exploit exists (proof-of-concept exploitation attempts observed).
- First article discovered by CyberSecurityNews.
- Vulnerability published (12 November 2024).