CVE-2024-8069

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-8069
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:citrix:session_recording:*:*:*:*:-:*:*:*
cpe:2.3:a:citrix:session_recording:1912:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu1:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu2:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu3:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu4:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu5:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu6:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu7:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu8:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu1:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu2:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu3:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu4:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu5:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2402:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2407:-:*:*:-:*:*:*
History

25 Jul 2025, 18:30

Type Values Removed Values Added
First Time Citrix session Recording
Citrix
References () https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US - () https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US - Vendor Advisory
CPE cpe:2.3:a:citrix:session_recording:1912:cu2:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu4:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu6:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:*:*:*:*:-:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu3:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu8:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu4:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2407:-:*:*:-:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu5:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu2:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu3:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2402:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu1:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu1:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu7:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu5:*:*:ltsr:*:*:*

13 Nov 2024, 16:35

Type Values Removed Values Added
CWE CWE-94
Summary
  • (es) Ejecución remota limitada de código con privilegio de acceso a una cuenta de servicio de red en la grabación de sesiones de Citrix si el atacante es un usuario autenticado en la misma intranet que el servidor de grabación de sesiones
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8

12 Nov 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-12 18:15

Updated : 2025-07-25 18:30

NVD link : CVE-2024-8069

Mitre link : CVE-2024-8069

CVE.ORG link : CVE-2024-8069

JSON object : View

Products Affected

citrix

  • session_recording
CWE
CWE-502

Deserialization of Untrusted Data

CWE-94

Improper Control of Generation of Code ('Code Injection')