← Back

CVE-2024-8069

nvd nist
Published: Nov 12, 2024Modified: Oct 24, 2025CISA KEV

JSON object

Loading...
5.1
Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: secure@citrix.com (Secondary)

Description

Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server

Affected (17)

Citrix
1 product
Session Recording
Configuration A
17 vulnerable
Vulnerable SoftwareAffected Versions
Citrix
Session Recording
Before 2407
Session Recording
Version 1912
Session Recording
Version 1912 cu1
Session Recording
Version 1912 cu2
Session Recording
Version 1912 cu3
Session Recording
Version 1912 cu4
Session Recording
Version 1912 cu5
Session Recording
Version 1912 cu6
Session Recording
Version 1912 cu7
Session Recording
Version 1912 cu8
Session Recording
Version 2203
Session Recording
Version 2203 cu1
Session Recording
Version 2203 cu2
Session Recording
Version 2203 cu3
Session Recording
Version 2203 cu4
Session Recording
Version 2402
Session Recording
Version 2407

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

Source: secure@citrix.com
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.