TROYANOSYVIRUS
Volver a CVEs

CVE-2024-8069

HIGHCISA KEV
8.0

Descripcion

Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server

Detalles CVE

Puntuacion CVSS v3.18.0
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueADJACENT_NETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado11/12/2024
Ultima modificacion10/24/2025
Fuentekev
Avistamientos honeypot0

CISA KEV

VendedorCitrix
ProductoSession Recording
Nombre vulnerabilidadCitrix Session Recording Deserialization of Untrusted Data Vulnerability
Fecha inclusion KEV2025-08-25
Fecha limite remediacion2025-09-15
Uso en ransomwareUnknown

Productos afectados

citrix:session_recording

Debilidades (CWE)

CWE-502

Referencias

https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US(secure@citrix.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8069(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.