CVE-2024-8068

Published Nov 12, 2024

Last updated 5 months ago

Exploit knownCVSS medium 5.1
Citrix Session Recording
Zero-day
VDI

Overview

Description
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
Source
secure@citrix.com
NVD status
Analyzed
Products
session_recording

Risk scores

CVSS 4.0

Type
Secondary
Base score
5.1
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Primary
Base score
8
Impact score
5.9
Exploitability score
2.1
Vector string
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Citrix Session Recording Improper Privilege Management Vulnerability
Exploit added on
Aug 25, 2025
Exploit action due
Sep 15, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@citrix.com
CWE-269

Social media

Hype score
Not currently trending

  1. 🛡️ We added Citrix and Git vulnerabilities CVE-2024-8068, CVE-2024-8069, & CVE-2025-48384 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/IjKmgibT4Z & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/4Lc

    @pro_recover_y

    1 Sept 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🛡️ We added Citrix and Git vulnerabilities CVE-2024-8068, CVE-2024-8069, & CVE-2025-48384 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/rLaCxQoLpX & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/OdN

    @Astrah_Hackz

    1 Sept 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. #CISA adds three exploited #vulnerabilities (CVE-2024-8068, CVE-2024-8069, CVE-2025-48384) to its KEV catalogue. #Cybersecurity #infosec https://t.co/RqhqvunyEN https://t.co/puxs2Jz2h9

    @twelvesec

    28 Aug 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CISA adds Citrix vulnerabilities CVE-2024-8069 and CVE-2024-8068 to KEV catalog. Critical zero-day CVE-2025-7775 in NetScaler ADC/Gateway actively exploited, causing remote code execution. #CitrixRisks #NetScalerFlaws #USA https://t.co/DyZ4vHdoZt

    @TweetThreatNews

    26 Aug 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CISA alerts on a critical Git flaw (CVE-2025-48384) enabling arbitrary code execution via crafted submodules in config files. Citrix Session Recording bugs CVE-2024-8068 & CVE-2024-8069 also noted. Updates available from Git v2.43.7. #GitVulnerability #USA https://t.co/pBsmWJ

    @TweetThreatNews

    26 Aug 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Cisa added 3️⃣ Dangerous vulnerability to Kev. Two relate to Citrix Session Recording (Cve-2024-8068, Cve-2024-8069) and allow increase privileges and implementation code. The third - Cve-2025-48384 In git with CVSS 8.1, can lead to Launch harmful code While cloning repositor

    @Hack_Your_Mom

    26 Aug 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CISA added three actively exploited vulnerabilities to KEV catalog impacting Citrix Session Recording (CVE-2024-8068, CVE-2024-8069) and Git (CVE-2025-48384), enabling privilege escalation and code execution. #Citrix #GitFlaw #USA https://t.co/QJjk7oXQXW

    @TweetThreatNews

    26 Aug 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 📌 أضافت وكالة الأمن السيبراني الأمريكية (CISA) ثلاث ثغرات أمنية، تتعلق بتسجيل الجلسات في Citrix وGit، إلى قائمة الثغرات المستغلة المعروفة (KEV). الثغرة الأولى هي

    @Cybercachear

    26 Aug 2025

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. ⚠️Citrix製品とGitの脆弱性が悪用される、米CISAがKEVカタログに追加(CVE-2024-8069、CVE-2024-8068、CVE-2025-48384) 〜サイバーアラート8月26日〜 https://t.co/AWpmkysT8J #セキュリティ #インテリジェンス #OSINT

    @MachinaRecord

    26 Aug 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-8068 #Citrix Session Recording Improper Privilege Management Vulnerability https://t.co/l4T5YGKsDa

    @ScyScan

    25 Aug 2025

    96 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🛡️ We added Citrix and Git vulnerabilities CVE-2024-8068, CVE-2024-8069, & CVE-2025-48384 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwapzIN & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/0Hu

    @CISACyber

    25 Aug 2025

    16394 Impressions

    59 Retweets

    148 Likes

    30 Bookmarks

    5 Replies

    2 Quotes

  12. 1/10 Urgent Alert: Citrix Session Recording vulnerabilities (CVE-2024-8068 & CVE-2024-8069) are under active exploitation. Patch now! #CyberSecurityAlert #CitrixVuln 🚨🔒

    @Eth1calHackrZ

    2 Dec 2024

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. #ThreatProtection #CVE-2024-8068, #CVE-2024-8069 - Citrix Session Recording RCE #Vulnerability, read more about Symantec's protection: https://t.co/p6g62pwMxO

    @threatintel

    27 Nov 2024

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 2/10 🔍 Vulnerabilities Unveiled: 1. CVE-2024-8068: Privilege escalation to NetworkService. 2. CVE-2024-8069: Limited RCE as NetworkService. Update now to protect your systems! #CyberVulnerabilities

    @Eth1calHackrZ

    25 Nov 2024

    27 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Actively exploited CVE : CVE-2024-8068

    @transilienceai

    23 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. De multiples tentatives d'exploitation observées pour deux vulnérabilités d'enregistrement de sessions Citrix (CVE-2024-8068 et CVE-2024-8069) https://t.co/Otwqa5PBIL

    @cert_ist

    21 Nov 2024

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨 CVE-2024-8068 & CVE-2024-8069: Citrix Session Recording Manager Unauthenticated RCE is actively being exploited. https://t.co/hTKeS4v9Ah https://t.co/9fBUULr12D

    @IntCyberDigest

    18 Nov 2024

    462 Impressions

    1 Retweet

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  18. #Cybersecurity researchers have disclosed new #security flaws (CVE-2024-8068 & CVE-2024-8069) impacting #Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated RCE. https://t.co/pkIeFCFh3c https://t.co/dIPlnqmkmZ

    @twelvesec

    14 Nov 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨Vulnerabilidades en Citrix Virtual Apps permiten ataques RCE a través de una mala configuración de MSMQ CVE-2024-8068 CVE-2024-8069 https://t.co/7i5sFBgkHb

    @elhackernet

    13 Nov 2024

    3225 Impressions

    14 Retweets

    59 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  20. Kritieke privilege escalatie in citrix session recording blootgelegd: wat u moet weten https://t.co/4Cny3FPhdk #CVE-2024-8068 #Citrix Session Recording #Privilege Escalatie #Beveiligingslek #Citrix Systems, Inc. #Trending #Tech #Nieuws

    @TrendingNewsBot

    13 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Kritieke beveiligingslek in citrix session recording: cve-2024-8068 ontdekt https://t.co/X4aOLCCcfj #CVE-2024-8068 #Citrix Session Recording #beveiligingslek #privilege escalatie #IT-beveiliging #Trending #Tech #Nieuws

    @TrendingNewsBot

    13 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Belangrijke privilege escalatie in citrix session recording blootgelegd https://t.co/hfhTChV4Js #CVE-2024-8068 #Citrix Session Recording #Privilege Escalatie #Beveiligingsupdate #NetwerkService Account #Trending #Tech #Nieuws

    @TrendingNewsBot

    13 Nov 2024

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Opgelet: nieuwe kwetsbaarheid cve-2024-8068 ontdekt in citrix session recording https://t.co/5IyMMQ8wO3 #CVE-2024-8068 #Citrix Session Recording #Privilege Escalation #Netwerkbeveiliging #Cybersecurity Alert #Trending #Tech #Nieuws

    @TrendingNewsBot

    13 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Citrix Session Recording Security Bulletin for CVE-2024-8068 and CVE-2024-8069 → https://t.co/0MYc2PpA6L

    @ripjyr

    12 Nov 2024

    100 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. We started seeing Citrix Virtual Apps and Desktops CVE-2024-8068/CVE-2024-8069 PoC based attempts at around 16:00 UTC today, shortly after publication. While there is discussion on whether these are remotely exploitable without auth, we urge you to update your installations NOW

    @Shadowserver

    12 Nov 2024

    11254 Impressions

    39 Retweets

    69 Likes

    34 Bookmarks

    2 Replies

    0 Quotes

  26. CVE-2024-8068 Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain … https://t.co/yGxT43HZcZ

    @CVEnew

    12 Nov 2024

    429 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Please see our latest Citrix Session Recording Security Bulletin regarding CVE-2024-8068 and CVE-2024-8069. Citrix urges affected customers to install the relevant updated versions as soon their upgrade schedule permits: https://t.co/k2QQAQoyQs

    @citrix

    12 Nov 2024

    2778 Impressions

    2 Retweets

    0 Likes

    1 Bookmark

    1 Reply

    1 Quote

  28. CVE-2024-8068 & CVE-2024-8069: Citrix Session Recording Manager Unauthenticated RCE Exploits Publicly Available Discover the critical vulnerabilities in Citrix Session Recording Manager that allow unauthenticated RCE on Citrix Virtual Apps and Desktops. https://t.co/QLwpDlZX

    @the_yellow_fall

    12 Nov 2024

    1466 Impressions

    14 Retweets

    24 Likes

    5 Bookmarks

    1 Reply

    0 Quotes

Configurations

Related CVEs

  1. Qualcomm Multiple Chipsets Memory Corruption VulnerabilityCVE-2026-21385
  2. Broadcom VMware Aria Operations Command Injection VulnerabilityCVE-2026-22719
  3. Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass VulnerabilityCVE-2026-20127
  4. Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.CVE-2026-22769
  5. Google Chromium CSS Use-After-Free VulnerabilityCVE-2026-2441

References

Sources include official advisories and independent security research.