← Back

CVE-2024-8068

nvd nist
Published: Nov 12, 2024Modified: Oct 24, 2025CISA KEV

JSON object

Loading...
5.1
Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: secure@citrix.com (Secondary)

Description

Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain

Affected (18)

Citrix
1 product
Session Recording
Configuration A
18 vulnerable
Vulnerable SoftwareAffected Versions
Citrix
Session Recording
Before 2407
Session Recording
Version 1912
Session Recording
Version 1912 cu1
Session Recording
Version 1912 cu2
Session Recording
Version 1912 cu3
Session Recording
Version 1912 cu4
Session Recording
Version 1912 cu5
Session Recording
Version 1912 cu6
Session Recording
Version 1912 cu7
Session Recording
Version 1912 cu8
Session Recording
Version 2203
Session Recording
Version 2203 cu1
Session Recording
Version 2203 cu2
Session Recording
Version 2203 cu3
Session Recording
Version 2203 cu4
Session Recording
Version 2203 cu5
Session Recording
Version 2402
Session Recording
Version 2407

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

Source: secure@citrix.com
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.