CVE-2024-8068

Summary

Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain

Affected Software

VendorProductVersion RangeStatus
CitrixCitrix Session Recording2407 Current Release < 24.5.200.8affected
CitrixCitrix Session Recording1912 LTSR < CU9 hotfix 19.12.9100.6affected
CitrixCitrix Session Recording2203 LTSR < CU5 hotfix 22.03.5100.11affected
CitrixCitrix Session Recording2402 LTSR < CU1 hotfix 24.02.1200.16affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References