Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
History

Fri, 25 Jul 2025 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Citrix
Citrix session Recording
CPEs cpe:2.3:a:citrix:session_recording:*:*:*:*:-:*:*:*
cpe:2.3:a:citrix:session_recording:1912:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu1:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu2:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu3:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu4:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu5:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu6:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu7:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:1912:cu8:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu1:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu2:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu3:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu4:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2203:cu5:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2402:-:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:session_recording:2407:-:*:*:-:*:*:*
Vendors & Products Citrix
Citrix session Recording
Metrics cvssV3_1

{'score': 8.0, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 22 Nov 2024 16:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 0.0, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N'}


Fri, 22 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 14 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 0, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 Nov 2024 18:00:00 +0000

Type Values Removed Values Added
Description Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
Title Privilege escalation to NetworkService Account access
Weaknesses CWE-269
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Citrix

Published:

Updated: 2024-11-22T15:18:44.098Z

Reserved: 2024-08-21T23:22:39.410Z

Link: CVE-2024-8068

cve-icon Vulnrichment

Updated: 2024-11-14T16:05:59.946Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-12T18:15:47.450

Modified: 2025-07-25T17:10:52.020

Link: CVE-2024-8068

cve-icon Redhat

No data.