CVE-2024-8069 (GCVE-0-2024-8069)
Vulnerability from cvelistv5
Published
2024-11-12 18:01
Modified
2025-08-26 03:55
Severity ?
5.1 (Medium) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
CWE
  • CWE-502 - Deserialization of Untrusted Data
Summary
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server
References
secure@citrix.comhttps://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_USVendor Advisory
Impacted products
Vendor Product Version
Citrix Session Recording Citrix Session Recording Version: 2407 Current Release
Version: 1912 LTSR
Version: 2203 LTSR
Version: 2402 LTSR
 Create a notification for this product.
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2025-08-25

Due date: 2025-09-15

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://support.citrix.com/external/article/691941/citrix-session-recording-security-bullet.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-8069

Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8069",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-14T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-08-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8069"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T03:55:20.543Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2025-08-25T00:00:00+00:00",
            "value": "CVE-2024-8069 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Citrix Session Recording",
          "vendor": "Citrix Session Recording",
          "versions": [
            {
              "lessThan": "24.5.200.8",
              "status": "affected",
              "version": "2407 Current Release",
              "versionType": "patch"
            },
            {
              "lessThan": "CU9 hotfix 19.12.9100.6",
              "status": "affected",
              "version": "1912 LTSR",
              "versionType": "patch"
            },
            {
              "lessThan": "CU5 hotfix 22.03.5100.11",
              "status": "affected",
              "version": "2203 LTSR",
              "versionType": "patch"
            },
            {
              "lessThan": "CU1 hotfix 24.02.1200.16",
              "status": "affected",
              "version": "2402 LTSR",
              "versionType": "patch"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLimited remote code execution with privilege of a NetworkService Account access\u0026nbsp;\u003c/span\u003ein\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCitrix Session Recording if the a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ettacker is an authenticated user on the same intranet as the session recording server \u003c/span\u003e\u003c/span\u003e"
            }
          ],
          "value": "Limited remote code execution with privilege of a NetworkService Account access\u00a0in\u00a0Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T18:01:15.375Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Limited remote code execution with privilege of a NetworkService Account access",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2024-8069",
    "datePublished": "2024-11-12T18:01:15.375Z",
    "dateReserved": "2024-08-21T23:22:40.773Z",
    "dateUpdated": "2025-08-26T03:55:20.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2024-8069",
      "cwes": "[\"CWE-502\"]",
      "dateAdded": "2025-08-25",
      "dueDate": "2025-09-15",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://support.citrix.com/external/article/691941/citrix-session-recording-security-bullet.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-8069",
      "product": "Session Recording",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker must be an authenticated user on the same intranet as the session recording server.",
      "vendorProject": "Citrix",
      "vulnerabilityName": "Citrix Session Recording Deserialization of Untrusted Data Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-8069\",\"sourceIdentifier\":\"secure@citrix.com\",\"published\":\"2024-11-12T18:15:47.603\",\"lastModified\":\"2025-08-26T14:44:23.440\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Limited remote code execution with privilege of a NetworkService Account access\u00a0in\u00a0Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server\"},{\"lang\":\"es\",\"value\":\"Ejecuci\u00f3n remota limitada de c\u00f3digo con privilegio de acceso a una cuenta de servicio de red en la grabaci\u00f3n de sesiones de Citrix si el atacante es un usuario autenticado en la misma intranet que el servidor de grabaci\u00f3n de sesiones\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2025-08-25\",\"cisaActionDue\":\"2025-09-15\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Citrix Session Recording Deserialization of Untrusted Data Vulnerability\",\"weaknesses\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"2407\",\"matchCriteriaId\":\"FCF54DB8-BBE4-4E48-9037-6FD0E3E3426E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:-:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"7F7F0822-5777-4970-A81F-2FECDE137E53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:cu1:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"E0A17B51-A720-4DB7-BF84-CE13B9517C91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:cu2:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"9BE1BBDB-B867-4B8D-AE55-24D09F0D4EF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:cu3:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"B4E177A4-F2AF-450F-AC8F-5609E586C654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:cu4:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"86C686E6-2980-49B3-8229-09EB8F91EDCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:cu5:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"79E71D63-EB85-4305-8F9D-D1BF7EC71992\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:cu6:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"A46CDA97-3C7C-45B6-890E-9676F059CD88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:cu7:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"560A4530-C2D2-4631-A754-6DC97E3F29E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:1912:cu8:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"A9650D15-919D-4F9E-A54D-9E5174D26B07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:2203:-:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"C160123B-9BD5-4B7A-A516-F5A5F97FCC79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:2203:cu1:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"3F507C4F-89AE-45DC-A849-44204AD06D09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:2203:cu2:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"D40669E2-BE98-420B-98F0-10FBF2EA5E6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:2203:cu3:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"72923D9A-96C8-40D7-A630-C3C143A7AEA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:2203:cu4:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"133696EC-56AB-4B77-8CFE-C97550886037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:2402:-:*:*:ltsr:*:*:*\",\"matchCriteriaId\":\"34A32BF4-B379-46D9-AAE6-85680B5ECA42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:session_recording:2407:-:*:*:-:*:*:*\",\"matchCriteriaId\":\"272D5CE4-4A2F-4417-A274-711FF4115907\"}]}]}],\"references\":[{\"url\":\"https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US\",\"source\":\"secure@citrix.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-8069\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-25T17:14:33.439839Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-08-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8069\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-13T15:33:45.562Z\"}, \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-08-25T00:00:00+00:00\", \"value\": \"CVE-2024-8069 added to CISA KEV\"}]}], \"cna\": {\"title\": \"Limited remote code execution with privilege of a NetworkService Account access\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Citrix Session Recording\", \"product\": \"Citrix Session Recording\", \"versions\": [{\"status\": \"affected\", \"version\": \"2407 Current Release\", \"lessThan\": \"24.5.200.8\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"1912 LTSR\", \"lessThan\": \"CU9 hotfix 19.12.9100.6\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"2203 LTSR\", \"lessThan\": \"CU5 hotfix 22.03.5100.11\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"2402 LTSR\", \"lessThan\": \"CU1 hotfix 24.02.1200.16\", \"versionType\": \"patch\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Limited remote code execution with privilege of a NetworkService Account access\\u00a0in\\u00a0Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eLimited remote code execution with privilege of a NetworkService Account access\u0026nbsp;\u003c/span\u003ein\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eCitrix Session Recording if the a\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ettacker is an authenticated user on the same intranet as the session recording server \u003c/span\u003e\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"shortName\": \"Citrix\", \"dateUpdated\": \"2024-11-12T18:01:15.375Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-8069\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-26T03:55:20.543Z\", \"dateReserved\": \"2024-08-21T23:22:40.773Z\", \"assignerOrgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"datePublished\": \"2024-11-12T18:01:15.375Z\", \"assignerShortName\": \"Citrix\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.