{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8069", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2024-08-21T23:22:40.773Z", "datePublished": "2024-11-12T18:01:15.375Z", "dateUpdated": "2024-11-13T15:37:58.821Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Citrix Session Recording", "vendor": "Citrix Session Recording", "versions": [{"lessThan": "24.5.200.8", "status": "affected", "version": "2407 Current Release", "versionType": "patch"}, {"lessThan": "CU9 hotfix 19.12.9100.6", "status": "affected", "version": "1912 LTSR", "versionType": "patch"}, {"lessThan": "CU5 hotfix 22.03.5100.11", "status": "affected", "version": "2203 LTSR", "versionType": "patch"}, {"lessThan": "CU1 hotfix 24.02.1200.16", "status": "affected", "version": "2402 LTSR", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Limited remote code execution with privilege of a NetworkService Account access&nbsp;</span>in&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Citrix Session Recording if the a<span style=\"background-color: rgb(255, 255, 255);\">ttacker is an authenticated user on the same intranet as the session recording server </span></span>"}], "value": "Limited remote code execution with privilege of a NetworkService Account access\u00a0in\u00a0Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server"}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-11-12T18:01:15.375Z"}, "references": [{"url": "https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US"}], "source": {"discovery": "UNKNOWN"}, "title": "Limited remote code execution with privilege of a NetworkService Account access", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "affected": [{"vendor": "citrix_session_recording", "product": "citrix_session_recording", "cpes": ["cpe:2.3:a:citrix_session_recording:citrix_session_recording:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2407_current_release", "status": "affected", "lessThan": "24.5.200.8", "versionType": "custom"}, {"version": "1912 LTSR", "status": "affected", "lessThan": "CU9 hotfix 19.12.9100.6", "versionType": "custom"}, {"version": "2203 LTSR", "status": "affected", "lessThan": "CU9 hotfix 19.12.9100.6", "versionType": "custom"}, {"version": "2203 LTSR", "status": "affected", "lessThan": "CU5 hotfix 22.03.5100.11", "versionType": "custom"}, {"version": "2402 LTSR", "status": "affected", "lessThan": "CU1 hotfix 24.02.1200.16", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-13T15:32:29.880550Z", "id": "CVE-2024-8069", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T15:37:58.821Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8069", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2024-08-21T23:22:40.773Z", "datePublished": "2024-11-12T18:01:15.375Z", "dateUpdated": "2024-11-13T15:37:58.821Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Citrix Session Recording", "vendor": "Citrix Session Recording", "versions": [{"lessThan": "24.5.200.8", "status": "affected", "version": "2407 Current Release", "versionType": "patch"}, {"lessThan": "CU9 hotfix 19.12.9100.6", "status": "affected", "version": "1912 LTSR", "versionType": "patch"}, {"lessThan": "CU5 hotfix 22.03.5100.11", "status": "affected", "version": "2203 LTSR", "versionType": "patch"}, {"lessThan": "CU1 hotfix 24.02.1200.16", "status": "affected", "version": "2402 LTSR", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Limited remote code execution with privilege of a NetworkService Account access&nbsp;</span>in&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Citrix Session Recording if the a<span style=\"background-color: rgb(255, 255, 255);\">ttacker is an authenticated user on the same intranet as the session recording server </span></span>"}], "value": "Limited remote code execution with privilege of a NetworkService Account access\u00a0in\u00a0Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server"}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2024-11-12T18:01:15.375Z"}, "references": [{"url": "https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US"}], "source": {"discovery": "UNKNOWN"}, "title": "Limited remote code execution with privilege of a NetworkService Account access", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-8069", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-13T15:32:29.880550Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:citrix_session_recording:citrix_session_recording:*:*:*:*:*:*:*:*"], "vendor": "citrix_session_recording", "product": "citrix_session_recording", "versions": [{"status": "affected", "version": "2407_current_release", "lessThan": "24.5.200.8", "versionType": "custom"}, {"status": "affected", "version": "1912 LTSR", "lessThan": "CU9 hotfix 19.12.9100.6", "versionType": "custom"}, {"status": "affected", "version": "2203 LTSR", "lessThan": "CU9 hotfix 19.12.9100.6", "versionType": "custom"}, {"status": "affected", "version": "2203 LTSR", "lessThan": "CU5 hotfix 22.03.5100.11", "versionType": "custom"}, {"status": "affected", "version": "2402 LTSR", "lessThan": "CU1 hotfix 24.02.1200.16", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T15:33:45.562Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Limited remote code execution with privilege of a NetworkService Account access\u00a0in\u00a0Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server"}, {"lang": "es", "value": "Ejecuci\u00f3n remota limitada de c\u00f3digo con privilegio de acceso a una cuenta de servicio de red en la grabaci\u00f3n de sesiones de Citrix si el atacante es un usuario autenticado en la misma intranet que el servidor de grabaci\u00f3n de sesiones"}], "id": "CVE-2024-8069", "lastModified": "2024-11-13T17:01:16.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW"}, "source": "secure@citrix.com", "type": "Secondary"}]}, "published": "2024-11-12T18:15:47.603", "references": [{"source": "secure@citrix.com", "url": "https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US"}], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "secure@citrix.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}