CVE-2024-8068

Privilege escalation to NetworkService Account accessin Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 HIGH
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CitrixCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
citrixsession_recording
𝑥
< 2407
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8068