Citrix Session Recording PrivEsc to NetworkService via AD Auth
CVE-2024-8068 Published on November 12, 2024
Privilege escalation to NetworkService Account access
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
Known Exploited Vulnerability
This Citrix Session Recording Improper Privilege Management Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain.
The following remediation steps are recommended / required by September 15, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2024-8068
Want to know whenever a new CVE is published for Citrix Session Recording? stack.watch will email you.
Affected Versions
Citrix Session Recording:- Version 2407 Current Release and below 24.5.200.8 is affected.
- Version 1912 LTSR and below CU9 hotfix 19.12.9100.6 is affected.
- Version 2203 LTSR and below CU5 hotfix 22.03.5100.11 is affected.
- Version 2402 LTSR and below CU1 hotfix 24.02.1200.16 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.