CVE-2024-8068

Warnung

EPSS 3.03%
Veröffentlicht 12.11.2024 18:15:47
Zuletzt bearbeitet 26.08.2025 01:00:02
Quelle secure@citrix.com
Teams Watchlist Login
Unerledigt Login

Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Citrix ≫ Session Recording SwEdition- Version < 2407

Citrix ≫ Session Recording Version1912 Update- SwEditionltsr

Citrix ≫ Session Recording Version1912 Updatecu1 SwEditionltsr

Citrix ≫ Session Recording Version1912 Updatecu2 SwEditionltsr

Citrix ≫ Session Recording Version1912 Updatecu3 SwEditionltsr

Citrix ≫ Session Recording Version1912 Updatecu4 SwEditionltsr

Citrix ≫ Session Recording Version1912 Updatecu5 SwEditionltsr

Citrix ≫ Session Recording Version1912 Updatecu6 SwEditionltsr

Citrix ≫ Session Recording Version1912 Updatecu7 SwEditionltsr

Citrix ≫ Session Recording Version1912 Updatecu8 SwEditionltsr

Citrix ≫ Session Recording Version2203 Update- SwEditionltsr

Citrix ≫ Session Recording Version2203 Updatecu1 SwEditionltsr

Citrix ≫ Session Recording Version2203 Updatecu2 SwEditionltsr

Citrix ≫ Session Recording Version2203 Updatecu3 SwEditionltsr

Citrix ≫ Session Recording Version2203 Updatecu4 SwEditionltsr

Citrix ≫ Session Recording Version2203 Updatecu5 SwEditionltsr

Citrix ≫ Session Recording Version2402 Update- SwEditionltsr

Citrix ≫ Session Recording Version2407 Update- SwEdition-

25.08.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Citrix Session Recording Improper Privilege Management Vulnerability

Schwachstelle

Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.03%	0.861

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8	2.1	5.9	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secure@citrix.com	5.1	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-8068

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-8068

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-8068

EUVD