CVE-2024-8069

high-risk

Published 2024-11-12

Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server

Do I need to act?

!

48.3% chance of exploitation in next 30 days

EPSS score — higher than 52% of all CVEs

!

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

8

CVSS 8.0/10 High

ADJACENT_NETWORK / LOW complexity

Affected Products (17)

Session Recording

Session Recording

Session Recording

Session Recording

Session Recording

Session Recording

Session Recording

Session Recording

Session Recording

Session Recording

Session Recording

Session Recording

Session Recording

Session Recording

Session Recording

Session Recording

Session Recording

Affected Vendors

Citrix

References (2)

Vendor Advisory https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security...

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-...

69

/ 100

high-risk

Severity 25/34 · High

Exploitability 25/34 · High

Exposure 19/34 · Moderate