CVE-2024-8068

HIGH KEV

Citrix Session Recording - Privilege Escalation

Title source: llm

Description

Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain

References (2)

[Vendor Advisory] https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8068

Scores

CVSS v3 8.0

EPSS 0.0805

EPSS Percentile 92.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2025-08-25

VulnCheck KEV 2024-11-12

ENISA EUVD EUVD-2024-49530

Classification

CWE

CWE-269

Status published

Affected Products (18)

citrix/session_recording < 2407

citrix/session_recording

... and 3 more

Timeline

Published Nov 12, 2024

KEV Added Aug 25, 2025

Tracked Since Feb 18, 2026