CVE-2024-8068 MEDIUM

CVE-2024-8068: Privilege escalation to NetworkService Account access

Vendor Citrix
Product Citrix Session Recording
Weakness CWE-269
KEV Status Known Exploited
Published November 12, 2024
Last update October 21, 2025

CVSS base score

5.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain

CISA mandated remediation

02CISA Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Key dates

03Disclosure timeline

November 12, 2024 CVE published
October 21, 2025 Record updated

Related vulnerabilities

05Related CVE