Limited remote code execution with privilege of a NetworkService Account access
CVE-2024-8069

Currently unrated

Key Information:

Vendor: Citrix Session Recording
Status: Citrix Session Recording
Vendor: CVE Published:; 12 November 2024

🔔 Create Citrix Session Recording Vulnerability Alert

Badges

🟣 EPSS 40%📰 News Worthy

What is CVE-2024-8069?

The vulnerability presents an opportunity for authenticated users on the same intranet as the Citrix Session Recording server to execute remote code with the privileges of a NetworkService Account. This can potentially lead to unauthorized data access or modification, emphasizing the need for robust network defenses and user access controls to mitigate the risk of exploitation.

Affected Version(s)

Citrix Session Recording 2407 Current Release < 24.5.200.8

Citrix Session Recording 1912 LTSR

Citrix Session Recording 2203 LTSR

News Articles

CyberSecurityNews

CVE-2024-8068 CVE-2024-8069

Citrix Virtual Apps & Desktops RCE Vulnerability, PoC Exploitation Underway

Security researchers have disclosed critical vulnerabilities in Citrix Virtual Apps and Desktops that could allow remote code execution (RCE) attacks.

References

https://support.citrix.com/s/article/CTX691941-citrix-ses...

EPSS Score

40% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by CyberSecurityNews
Nov 13, 2024
Vulnerability published
Nov 12, 2024