CVE-2024-8068 (GCVE-0-2024-8068)
Vulnerability from cvelistv5
Published
2024-11-12 17:49
Modified
2025-08-26 03:55
Severity ?
5.1 (Medium) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
CWE
  • CWE-269 - Improper Privilege Management
Summary
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
References
secure@citrix.comhttps://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_USVendor Advisory
Impacted products
Vendor Product Version
Citrix Citrix Session Recording Version: 2407 Current Release
Version: 1912 LTSR
Version: 2203 LTSR
Version: 2402 LTSR
 Create a notification for this product.
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2025-08-25

Due date: 2025-09-15

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://support.citrix.com/external/article/691941/citrix-session-recording-security-bullet.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-8068

Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8068",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-14T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-08-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8068"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T03:55:19.049Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2025-08-25T00:00:00+00:00",
            "value": "CVE-2024-8068 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Citrix Session Recording",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "24.5.200.8",
              "status": "affected",
              "version": "2407 Current Release",
              "versionType": "patch"
            },
            {
              "lessThan": "CU9 hotfix 19.12.9100.6",
              "status": "affected",
              "version": "1912 LTSR",
              "versionType": "patch"
            },
            {
              "lessThan": "CU5 hotfix 22.03.5100.11",
              "status": "affected",
              "version": "2203 LTSR",
              "versionType": "patch"
            },
            {
              "lessThan": "CU1 hotfix 24.02.1200.16",
              "status": "affected",
              "version": "2402 LTSR",
              "versionType": "patch"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePrivilege escalation to NetworkService Account access\u003c/span\u003e\u0026nbsp;in Citrix Session Recording when an a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ettacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain \u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Privilege escalation to NetworkService Account access\u00a0in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T17:49:54.285Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Privilege escalation to NetworkService Account access",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2024-8068",
    "datePublished": "2024-11-12T17:49:54.285Z",
    "dateReserved": "2024-08-21T23:22:39.410Z",
    "dateUpdated": "2025-08-26T03:55:19.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2024-8068",
      "cwes": "[\"CWE-269\"]",
      "dateAdded": "2025-08-25",
      "dueDate": "2025-09-15",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://support.citrix.com/external/article/691941/citrix-session-recording-security-bullet.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-8068",
      "product": "Session Recording",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain.",
      "vendorProject": "Citrix",
      "vulnerabilityName": "Citrix Session Recording Improper Privilege Management Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-8068\",\"sourceIdentifier\":\"secure@citrix.com\",\"published\":\"2024-11-12T18:15:47.450\",\"lastModified\":\"2025-08-26T01:00:02.657\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Privilege escalation to NetworkService Account access\u00a0in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain\"},{\"lang\":\"es\",\"value\":\"Escalada de privilegios para acceder a la cuenta de NetworkService en Citrix Session Recording cuando un atacante es un usuario autenticado en el mismo dominio de Windows Active Directory que el dominio del servidor de grabaci\u00f3n de sesiones\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2025-08-25\",\"cisaActionDue\":\"2025-09-15\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Citrix Session Recording Improper Privilege Management Vulnerability\",\"weaknesses\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"2407\",\"matchCriteriaId\":\"FCF54DB8-BBE4-4E48-9037-6FD0E3E3426E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:-:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"7F7F0822-5777-4970-A81F-2FECDE137E53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:cu1:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"E0A17B51-A720-4DB7-BF84-CE13B9517C91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:cu2:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"9BE1BBDB-B867-4B8D-AE55-24D09F0D4EF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:cu3:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"B4E177A4-F2AF-450F-AC8F-5609E586C654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:cu4:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"86C686E6-2980-49B3-8229-09EB8F91EDCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:cu5:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"79E71D63-EB85-4305-8F9D-D1BF7EC71992\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:cu6:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"A46CDA97-3C7C-45B6-890E-9676F059CD88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:cu7:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"560A4530-C2D2-4631-A754-6DC97E3F29E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:cu8:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"A9650D15-919D-4F9E-A54D-9E5174D26B07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:2203:-:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"C160123B-9BD5-4B7A-A516-F5A5F97FCC79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:2203:cu1:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"3F507C4F-89AE-45DC-A849-44204AD06D09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:2203:cu2:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"D40669E2-BE98-420B-98F0-10FBF2EA5E6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:2203:cu3:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"72923D9A-96C8-40D7-A630-C3C143A7AEA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:2203:cu4:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"133696EC-56AB-4B77-8CFE-C97550886037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:2203:cu5:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"73477179-3270-419C-9ACC-26E43A8D3E93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:2402:-:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"34A32BF4-B379-46D9-AAE6-85680B5ECA42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:2407:-:*:*:-:*:*:*\",\"matchCriteriaId\":\"272D5CE4-4A2F-4417-A274-711FF4115907\"}]}]}],\"references\":[{\"url\":\"https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US\",\"source\":\"secure@citrix.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-8068\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-25T17:14:40.868467Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-08-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8068\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-14T16:05:59.946Z\"}, \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-08-25T00:00:00+00:00\", \"value\": \"CVE-2024-8068 added to CISA KEV\"}]}], \"cna\": {\"title\": \"Privilege escalation to NetworkService Account access\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Citrix\", \"product\": \"Citrix Session Recording\", \"versions\": [{\"status\": \"affected\", \"version\": \"2407 Current Release\", \"lessThan\": \"24.5.200.8\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"1912 LTSR\", \"lessThan\": \"CU9 hotfix 19.12.9100.6\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"2203 LTSR\", \"lessThan\": \"CU5 hotfix 22.03.5100.11\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"2402 LTSR\", \"lessThan\": \"CU1 hotfix 24.02.1200.16\", \"versionType\": \"patch\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Privilege escalation to NetworkService Account access\\u00a0in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ePrivilege escalation to NetworkService Account access\u003c/span\u003e\u0026nbsp;in Citrix Session Recording when an a\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ettacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain \u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"shortName\": \"Citrix\", \"dateUpdated\": \"2024-11-12T17:49:54.285Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-8068\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-26T03:55:19.049Z\", \"dateReserved\": \"2024-08-21T23:22:39.410Z\", \"assignerOrgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"datePublished\": \"2024-11-12T17:49:54.285Z\", \"assignerShortName\": \"Citrix\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.