CVE-2024-8068

Medium · CISA KEV · Active Exploitation · EUVD Exploited

Published: 12 November 2024

Modified: 24 October 2025
KEV Added: 25 August 2025
Patch
CVSS Score (v4): 5.1
Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0805 (92.3rd percentile)
Risk Priority: 35 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-8068 is a medium-severity Improper Privilege Management (CWE-269) vulnerability in Citrix Session Recording. Its CVSS base score is 5.1 (Medium).

Operationally, it ranks in the top 7.7% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-8068 is a privilege escalation vulnerability affecting Citrix Session Recording. It allows an attacker to gain access to the NetworkService account on the session recording server when the attacker is an authenticated user in the same Windows Active Directory domain as that server. The issue is tracked under CWE-269 and carries a CVSS 4.0 score of 5.1.

An authenticated domain user on the same Active Directory domain can exploit the flaw over the local network to elevate privileges to the NetworkService account, obtaining limited but elevated access on the affected server.

Citrix has published security bulletin CTX691941 addressing CVE-2024-8068 alongside a related issue, and the vulnerability appears in CISA’s Known Exploited Vulnerabilities catalog. The associated EPSS score has remained low, with a current value of 0.0805 and a peak of 0.0899.

Vulnerability details

Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain

CWE(s): CWE-269
KEV Date Added: 25 August 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: citrix
Product: session recording
Versions: 1912, 2203, 2402, 2407 · ≤ 2407

Mitigating Controls (NIST 800-53 r5)

prevent: Enforces access restrictions so an authenticated domain user cannot elevate to NetworkService privileges on the Citrix Session Recording server.

prevent: Limits privileges assigned to the session-recording service and domain accounts, directly blocking the escalation path to NetworkService.

prevent: Requires prompt application of the vendor patch (CTX691941) that eliminates the privilege-escalation flaw before exploitation.

References