CVE-2024-8069 MEDIUM

CVE-2024-8069: Limited remote code execution with privilege of a NetworkService Account access

Vendor Citrix Session Recording
Product Citrix Session Recording
Weakness CWE-502 · Unsafe deserialization
KEV Status Known Exploited
Published November 12, 2024
Last update October 21, 2025

CVSS base score

5.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server

CISA mandated remediation

02CISA Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Key dates

03Disclosure timeline

November 12, 2024 CVE published
October 21, 2025 Record updated