CVE-2024-8068

HIGH KEV

Citrix Session Recording - Privilege Escalation

Title source: llm

Description

Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain

References (2)

[Vendor Advisory] https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8068

Scores

CVSS v3 8.0

EPSS 0.0805

EPSS Percentile 92.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2025-08-25

VulnCheck KEV 2024-11-12

ENISA EUVD EUVD-2024-49530

CWE

CWE-269

Status published

Products (5)

citrix/session_recording 1912 (9 CPE variants)

citrix/session_recording 2203 (6 CPE variants)

citrix/session_recording 2402

citrix/session_recording 2407

citrix/session_recording < 2407

Published Nov 12, 2024

KEV Added Aug 25, 2025

Tracked Since Feb 18, 2026