CVE-2024-8068

{"id": "CVE-2024-8068", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}], "cvssMetricV40": [{"type": "Secondary", "source": "secure@citrix.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-11-12T18:15:47.450", "references": [{"url": "https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US", "tags": ["Vendor Advisory"], "source": "secure@citrix.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "secure@citrix.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Privilege escalation to NetworkService Account access\u00a0in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain"}, {"lang": "es", "value": "Escalada de privilegios para acceder a la cuenta de NetworkService en Citrix Session Recording cuando un atacante es un usuario autenticado en el mismo dominio de Windows Active Directory que el dominio del servidor de grabaci\u00f3n de sesiones"}], "lastModified": "2025-07-25T17:10:52.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:session_recording:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "FCF54DB8-BBE4-4E48-9037-6FD0E3E3426E", "versionEndExcluding": "2407"}, {"criteria": "cpe:2.3:a:citrix:session_recording:1912:-:*:*:ltsr:*:*:*", "vulnerable": true, "matchCriteriaId": "7F7F0822-5777-4970-A81F-2FECDE137E53"}, {"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu1:*:*:ltsr:*:*:*", "vulnerable": true, "matchCriteriaId": "E0A17B51-A720-4DB7-BF84-CE13B9517C91"}, {"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu2:*:*:ltsr:*:*:*", "vulnerable": true, "matchCriteriaId": "9BE1BBDB-B867-4B8D-AE55-24D09F0D4EF7"}, {"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu3:*:*:ltsr:*:*:*", "vulnerable": true, "matchCriteriaId": "B4E177A4-F2AF-450F-AC8F-5609E586C654"}, {"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu4:*:*:ltsr:*:*:*", "vulnerable": true, "matchCriteriaId": "86C686E6-2980-49B3-8229-09EB8F91EDCE"}, {"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu5:*:*:ltsr:*:*:*", "vulnerable": true, "matchCriteriaId": "79E71D63-EB85-4305-8F9D-D1BF7EC71992"}, {"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu6:*:*:ltsr:*:*:*", "vulnerable": true, "matchCriteriaId": "A46CDA97-3C7C-45B6-890E-9676F059CD88"}, {"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu7:*:*:ltsr:*:*:*", "vulnerable": true, "matchCriteriaId": "560A4530-C2D2-4631-A754-6DC97E3F29E9"}, {"criteria": "cpe:2.3:a:citrix:session_recording:1912:cu8:*:*:ltsr:*:*:*", "vulnerable": true, "matchCriteriaId": "A9650D15-919D-4F9E-A54D-9E5174D26B07"}, {"criteria": "cpe:2.3:a:citrix:session_recording:2203:-:*:*:ltsr:*:*:*", "vulnerable": true, "matchCriteriaId": "C160123B-9BD5-4B7A-A516-F5A5F97FCC79"}, {"criteria": "cpe:2.3:a:citrix:session_recording:2203:cu1:*:*:ltsr:*:*:*", "vulnerable": true, "matchCriteriaId": "3F507C4F-89AE-45DC-A849-44204AD06D09"}, {"criteria": "cpe:2.3:a:citrix:session_recording:2203:cu2:*:*:ltsr:*:*:*", "vulnerable": true, "matchCriteriaId": "D40669E2-BE98-420B-98F0-10FBF2EA5E6E"}, {"criteria": "cpe:2.3:a:citrix:session_recording:2203:cu3:*:*:ltsr:*:*:*", "vulnerable": true, "matchCriteriaId": "72923D9A-96C8-40D7-A630-C3C143A7AEA1"}, {"criteria": "cpe:2.3:a:citrix:session_recording:2203:cu4:*:*:ltsr:*:*:*", "vulnerable": true, "matchCriteriaId": "133696EC-56AB-4B77-8CFE-C97550886037"}, {"criteria": "cpe:2.3:a:citrix:session_recording:2203:cu5:*:*:ltsr:*:*:*", "vulnerable": true, "matchCriteriaId": "73477179-3270-419C-9ACC-26E43A8D3E93"}, {"criteria": "cpe:2.3:a:citrix:session_recording:2402:-:*:*:ltsr:*:*:*", "vulnerable": true, "matchCriteriaId": "34A32BF4-B379-46D9-AAE6-85680B5ECA42"}, {"criteria": "cpe:2.3:a:citrix:session_recording:2407:-:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "272D5CE4-4A2F-4417-A274-711FF4115907"}], "operator": "OR"}]}], "sourceIdentifier": "secure@citrix.com"}