Vulnerabilites related to citrix - session_recording
CVE-2024-8069 (GCVE-0-2024-8069)
Vulnerability from cvelistv5
Published
2024-11-12 18:01
Modified
2025-08-26 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix Session Recording | Citrix Session Recording |
Version: 2407 Current Release Version: 1912 LTSR Version: 2203 LTSR Version: 2402 LTSR |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8069",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-08-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8069"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T03:55:20.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2025-08-25T00:00:00+00:00",
"value": "CVE-2024-8069 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Session Recording",
"vendor": "Citrix Session Recording",
"versions": [
{
"lessThan": "24.5.200.8",
"status": "affected",
"version": "2407 Current Release",
"versionType": "patch"
},
{
"lessThan": "CU9 hotfix 19.12.9100.6",
"status": "affected",
"version": "1912 LTSR",
"versionType": "patch"
},
{
"lessThan": "CU5 hotfix 22.03.5100.11",
"status": "affected",
"version": "2203 LTSR",
"versionType": "patch"
},
{
"lessThan": "CU1 hotfix 24.02.1200.16",
"status": "affected",
"version": "2402 LTSR",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLimited remote code execution with privilege of a NetworkService Account access\u0026nbsp;\u003c/span\u003ein\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCitrix Session Recording if the a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ettacker is an authenticated user on the same intranet as the session recording server \u003c/span\u003e\u003c/span\u003e"
}
],
"value": "Limited remote code execution with privilege of a NetworkService Account access\u00a0in\u00a0Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T18:01:15.375Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Limited remote code execution with privilege of a NetworkService Account access",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-8069",
"datePublished": "2024-11-12T18:01:15.375Z",
"dateReserved": "2024-08-21T23:22:40.773Z",
"dateUpdated": "2025-08-26T03:55:20.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8068 (GCVE-0-2024-8068)
Vulnerability from cvelistv5
Published
2024-11-12 17:49
Modified
2025-08-26 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Citrix | Citrix Session Recording |
Version: 2407 Current Release Version: 1912 LTSR Version: 2203 LTSR Version: 2402 LTSR |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8068",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-08-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8068"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T03:55:19.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2025-08-25T00:00:00+00:00",
"value": "CVE-2024-8068 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Citrix Session Recording",
"vendor": "Citrix",
"versions": [
{
"lessThan": "24.5.200.8",
"status": "affected",
"version": "2407 Current Release",
"versionType": "patch"
},
{
"lessThan": "CU9 hotfix 19.12.9100.6",
"status": "affected",
"version": "1912 LTSR",
"versionType": "patch"
},
{
"lessThan": "CU5 hotfix 22.03.5100.11",
"status": "affected",
"version": "2203 LTSR",
"versionType": "patch"
},
{
"lessThan": "CU1 hotfix 24.02.1200.16",
"status": "affected",
"version": "2402 LTSR",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePrivilege escalation to NetworkService Account access\u003c/span\u003e\u0026nbsp;in Citrix Session Recording when an a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ettacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Privilege escalation to NetworkService Account access\u00a0in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T17:49:54.285Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege escalation to NetworkService Account access",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2024-8068",
"datePublished": "2024-11-12T17:49:54.285Z",
"dateReserved": "2024-08-21T23:22:39.410Z",
"dateUpdated": "2025-08-26T03:55:19.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-11-12 18:15
Modified
2025-08-26 01:00
Severity ?
Summary
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | session_recording | * | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 2203 | |
| citrix | session_recording | 2203 | |
| citrix | session_recording | 2203 | |
| citrix | session_recording | 2203 | |
| citrix | session_recording | 2203 | |
| citrix | session_recording | 2203 | |
| citrix | session_recording | 2402 | |
| citrix | session_recording | 2407 |
{
"cisaActionDue": "2025-09-15",
"cisaExploitAdd": "2025-08-25",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Citrix Session Recording Improper Privilege Management Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:session_recording:*:*:*:*:-:*:*:*",
"matchCriteriaId": "FCF54DB8-BBE4-4E48-9037-6FD0E3E3426E",
"versionEndExcluding": "2407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:-:*:*:ltsr:*:*:*",
"matchCriteriaId": "7F7F0822-5777-4970-A81F-2FECDE137E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu1:*:*:ltsr:*:*:*",
"matchCriteriaId": "E0A17B51-A720-4DB7-BF84-CE13B9517C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu2:*:*:ltsr:*:*:*",
"matchCriteriaId": "9BE1BBDB-B867-4B8D-AE55-24D09F0D4EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu3:*:*:ltsr:*:*:*",
"matchCriteriaId": "B4E177A4-F2AF-450F-AC8F-5609E586C654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu4:*:*:ltsr:*:*:*",
"matchCriteriaId": "86C686E6-2980-49B3-8229-09EB8F91EDCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu5:*:*:ltsr:*:*:*",
"matchCriteriaId": "79E71D63-EB85-4305-8F9D-D1BF7EC71992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu6:*:*:ltsr:*:*:*",
"matchCriteriaId": "A46CDA97-3C7C-45B6-890E-9676F059CD88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu7:*:*:ltsr:*:*:*",
"matchCriteriaId": "560A4530-C2D2-4631-A754-6DC97E3F29E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu8:*:*:ltsr:*:*:*",
"matchCriteriaId": "A9650D15-919D-4F9E-A54D-9E5174D26B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:2203:-:*:*:ltsr:*:*:*",
"matchCriteriaId": "C160123B-9BD5-4B7A-A516-F5A5F97FCC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:2203:cu1:*:*:ltsr:*:*:*",
"matchCriteriaId": "3F507C4F-89AE-45DC-A849-44204AD06D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:2203:cu2:*:*:ltsr:*:*:*",
"matchCriteriaId": "D40669E2-BE98-420B-98F0-10FBF2EA5E6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:2203:cu3:*:*:ltsr:*:*:*",
"matchCriteriaId": "72923D9A-96C8-40D7-A630-C3C143A7AEA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:2203:cu4:*:*:ltsr:*:*:*",
"matchCriteriaId": "133696EC-56AB-4B77-8CFE-C97550886037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:2203:cu5:*:*:ltsr:*:*:*",
"matchCriteriaId": "73477179-3270-419C-9ACC-26E43A8D3E93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:2402:-:*:*:ltsr:*:*:*",
"matchCriteriaId": "34A32BF4-B379-46D9-AAE6-85680B5ECA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:2407:-:*:*:-:*:*:*",
"matchCriteriaId": "272D5CE4-4A2F-4417-A274-711FF4115907",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation to NetworkService Account access\u00a0in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain"
},
{
"lang": "es",
"value": "Escalada de privilegios para acceder a la cuenta de NetworkService en Citrix Session Recording cuando un atacante es un usuario autenticado en el mismo dominio de Windows Active Directory que el dominio del servidor de grabaci\u00f3n de sesiones"
}
],
"id": "CVE-2024-8068",
"lastModified": "2025-08-26T01:00:02.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "secure@citrix.com",
"type": "Secondary"
}
]
},
"published": "2024-11-12T18:15:47.450",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "secure@citrix.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-12 18:15
Modified
2025-08-26 14:44
Severity ?
Summary
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | session_recording | * | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 1912 | |
| citrix | session_recording | 2203 | |
| citrix | session_recording | 2203 | |
| citrix | session_recording | 2203 | |
| citrix | session_recording | 2203 | |
| citrix | session_recording | 2203 | |
| citrix | session_recording | 2402 | |
| citrix | session_recording | 2407 |
{
"cisaActionDue": "2025-09-15",
"cisaExploitAdd": "2025-08-25",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Citrix Session Recording Deserialization of Untrusted Data Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:session_recording:*:*:*:*:-:*:*:*",
"matchCriteriaId": "FCF54DB8-BBE4-4E48-9037-6FD0E3E3426E",
"versionEndExcluding": "2407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:-:*:*:ltsr:*:*:*",
"matchCriteriaId": "7F7F0822-5777-4970-A81F-2FECDE137E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu1:*:*:ltsr:*:*:*",
"matchCriteriaId": "E0A17B51-A720-4DB7-BF84-CE13B9517C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu2:*:*:ltsr:*:*:*",
"matchCriteriaId": "9BE1BBDB-B867-4B8D-AE55-24D09F0D4EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu3:*:*:ltsr:*:*:*",
"matchCriteriaId": "B4E177A4-F2AF-450F-AC8F-5609E586C654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu4:*:*:ltsr:*:*:*",
"matchCriteriaId": "86C686E6-2980-49B3-8229-09EB8F91EDCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu5:*:*:ltsr:*:*:*",
"matchCriteriaId": "79E71D63-EB85-4305-8F9D-D1BF7EC71992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu6:*:*:ltsr:*:*:*",
"matchCriteriaId": "A46CDA97-3C7C-45B6-890E-9676F059CD88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu7:*:*:ltsr:*:*:*",
"matchCriteriaId": "560A4530-C2D2-4631-A754-6DC97E3F29E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu8:*:*:ltsr:*:*:*",
"matchCriteriaId": "A9650D15-919D-4F9E-A54D-9E5174D26B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:2203:-:*:*:ltsr:*:*:*",
"matchCriteriaId": "C160123B-9BD5-4B7A-A516-F5A5F97FCC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:2203:cu1:*:*:ltsr:*:*:*",
"matchCriteriaId": "3F507C4F-89AE-45DC-A849-44204AD06D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:2203:cu2:*:*:ltsr:*:*:*",
"matchCriteriaId": "D40669E2-BE98-420B-98F0-10FBF2EA5E6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:2203:cu3:*:*:ltsr:*:*:*",
"matchCriteriaId": "72923D9A-96C8-40D7-A630-C3C143A7AEA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:2203:cu4:*:*:ltsr:*:*:*",
"matchCriteriaId": "133696EC-56AB-4B77-8CFE-C97550886037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:2402:-:*:*:ltsr:*:*:*",
"matchCriteriaId": "34A32BF4-B379-46D9-AAE6-85680B5ECA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:session_recording:2407:-:*:*:-:*:*:*",
"matchCriteriaId": "272D5CE4-4A2F-4417-A274-711FF4115907",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Limited remote code execution with privilege of a NetworkService Account access\u00a0in\u00a0Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server"
},
{
"lang": "es",
"value": "Ejecuci\u00f3n remota limitada de c\u00f3digo con privilegio de acceso a una cuenta de servicio de red en la grabaci\u00f3n de sesiones de Citrix si el atacante es un usuario autenticado en la misma intranet que el servidor de grabaci\u00f3n de sesiones"
}
],
"id": "CVE-2024-8069",
"lastModified": "2025-08-26T14:44:23.440",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "secure@citrix.com",
"type": "Secondary"
}
]
},
"published": "2024-11-12T18:15:47.603",
"references": [
{
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US"
}
],
"sourceIdentifier": "secure@citrix.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "secure@citrix.com",
"type": "Secondary"
}
]
}