Limited remote code execution with privilege of a NetworkService Account access
CVE-2024-8069

Currently unrated

Key Information:

Vendor: Citrix Session Recording
Status: Citrix Session Recording
Vendor: CVE Published:; 12 November 2024

Badges

📰 News Worthy

Summary

The vulnerability presents an opportunity for authenticated users on the same intranet as the Citrix Session Recording server to execute remote code with the privileges of a NetworkService Account. This can potentially lead to unauthorized data access or modification, emphasizing the need for robust network defenses and user access controls to mitigate the risk of exploitation.

Affected Version(s)

Citrix Session Recording 2407 Current Release < 24.5.200.8

Citrix Session Recording 1912 LTSR

Citrix Session Recording 2203 LTSR

News Articles

CyberSecurityNews

CVE-2024-8068 CVE-2024-8069

Citrix Virtual Apps & Desktops RCE Vulnerability, PoC Exploitation Underway

Security researchers have disclosed critical vulnerabilities in Citrix Virtual Apps and Desktops that could allow remote code execution (RCE) attacks.

2 months ago

References

https://support.citrix.com/s/article/CTX691941-citrix-ses...

Timeline

📰
First article discovered by CyberSecurityNews
Nov 13, 2024
Vulnerability published
Nov 12, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)