Improper privilege management in Citrix Virtual Apps and Desktops - CVE-2024-8068

 


Published: November 13, 2024 / Updated: August 25, 2025


Vulnerability identifier: #VU100448
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2024-8068
CWE-ID: CWE-269
Exploitation vector: Adjacent network
Exploit availability: The vulnerability is being exploited in the wild
Vendor: Citrix
Affected software:
Citrix Virtual Apps and Desktops

Detailed vulnerability description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to improper privilege management affecting NetworkService account access. A remote user can escalate privileges on the system.

Note that an attacker must be authenticated in the same Windows Active Directory domain as the session recording server's domain.


How to mitigate CVE-2024-8068

Install updates from the vendor's website.

Sources