#VU100448 Improper privilege management in Citrix Virtual Apps and Desktops - CVE-2024-8068

 


Published: November 13, 2024 / Updated: August 25, 2025


Vulnerability identifier: #VU100448
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2024-8068
CWE-ID: CWE-269
Exploitation vector: Adjacent network
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software:
Citrix Virtual Apps and Desktops
Software vendor:
Citrix

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to improper privilege management within the NetworkService Account access. A remote user can escalate privileges on the system.

Note: the attacker must be authenticated in the same Windows Active Directory domain as the session recording server domain.


Remediation

Install updates from the vendor's website.

External links