Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-8068

Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain

Published

2024-11-12T18:15:47.450

Last Modified

2025-10-24T13:42:34.467

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.0 (HIGH)

Weaknesses

Type: Secondary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	citrix	session_recording	< 2407	Yes
Application	citrix	session_recording	1912	Yes
Application	citrix	session_recording	1912	Yes
Application	citrix	session_recording	1912	Yes
Application	citrix	session_recording	1912	Yes
Application	citrix	session_recording	1912	Yes
Application	citrix	session_recording	1912	Yes
Application	citrix	session_recording	1912	Yes
Application	citrix	session_recording	1912	Yes
Application	citrix	session_recording	1912	Yes
Application	citrix	session_recording	2203	Yes
Application	citrix	session_recording	2203	Yes
Application	citrix	session_recording	2203	Yes
Application	citrix	session_recording	2203	Yes
Application	citrix	session_recording	2203	Yes
Application	citrix	session_recording	2203	Yes
Application	citrix	session_recording	2402	Yes
Application	citrix	session_recording	2407	Yes

References

https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US Vendor Advisory ([email protected])
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8068 US Government Resource (134c704f-9b21-4f2e-91b3-4a467353bcc0)