CVE-2024-8069

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-8069
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:citrix:session_recording:*:*:*:*:-:*:*:*
cpe:2.3:a:citrix:session_recording:1912:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu1:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu2:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu3:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu4:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu5:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu6:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu7:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu8:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu1:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu2:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu3:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu4:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu5:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2402:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2407:-:*:*:-:*:*:*
History

25 Jul 2025, 18:30

Type Values Removed Values Added
References () https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US - () https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US - Vendor Advisory
First Time Citrix session Recording
Citrix
CPE cpe:2.3:a:citrix:session_recording:2402:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2407:-:*:*:-:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu7:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu2:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu4:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu1:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu6:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu5:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu8:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu3:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu3:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu5:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu2:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:*:*:*:*:-:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu1:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu4:*:*:ltsr:*:*:*
Information

Published : 2024-11-12 18:15

Updated : 2025-07-25 18:30

NVD link : CVE-2024-8069

Mitre link : CVE-2024-8069

CVE.ORG link : CVE-2024-8069

JSON object : View

Products Affected

citrix

  • session_recording
CWE
CWE-502

Deserialization of Untrusted Data

CWE-94

Improper Control of Generation of Code ('Code Injection')