CVE-2024-8069

Limited remote code execution with privilege of a NetworkService Account access

CVSS 5.1 MEDIUM · EPSS 14.7% · KEV · CWE-502

In short

A flaw in Citrix Session Recording allows an authenticated user on the same intranet as the session recording server to execute limited code with NetworkService account privileges. This matters because an attacker who gains access to the internal network and valid credentials could run commands on the server as that account.

Technical detail

A CWE-502 flaw (deserialization of untrusted data) in Citrix Session Recording permits remote code execution with NetworkService-level privileges when an authenticated attacker on the same intranet sends malicious serialized objects to the recording server. Exploitation requires network access and valid authentication credentials; impact is limited to the privileges of the NetworkService account.

Summary generated and translated by AI from the official description.
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N