CVE-2024-8068
Published: 12 November 2024
Summary
CVE-2024-8068 is a medium-severity Improper Privilege Management (CWE-269) vulnerability in Citrix Session Recording. Its CVSS base score is 5.1 (Medium).
Operationally, it is ranked in the top 7.7% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2024-8068 is a privilege escalation vulnerability affecting Citrix Session Recording. It allows an attacker to gain access to the NetworkService account on the session recording server when the attacker is an authenticated user in the same Windows Active Directory domain as that server. The issue is tracked under CWE-269 and carries a CVSS 4.0 score of 5.1.
An authenticated domain user on the same Active Directory domain can exploit the flaw over the local network to elevate privileges to the NetworkService account, obtaining limited but elevated access on the affected server.
Citrix has published security bulletin CTX691941 addressing CVE-2024-8068 alongside a related issue, and the vulnerability appears in CISA’s Known Exploited Vulnerabilities catalog. The associated EPSS score has remained low, with a current value of 0.0805 and a peak of 0.0899.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-49530
Vulnerability details
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
- CWE(s): CWE-269
- KEV Date Added: 25 August 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
AC-3 (Access Enforcement): Enforces access restrictions so an authenticated domain user cannot elevate to NetworkService privileges on the Citrix Session Recording server.
AC-6 (Least Privilege): Limits privileges assigned to the session-recording service and domain accounts, directly blocking the escalation path to NetworkService.
Requires prompt application of the vendor patch (CTX691941) that eliminates the privilege-escalation flaw before exploitation.