CVE-2024-8068: 
Citrix Virtual Delivery Agent (VDA) vulnerability analysis and mitigation

CVE-2024-8068 is a privilege escalation vulnerability in Citrix Session Recording that allows an authenticated user in the same Windows Active Directory domain as the session recording server to gain NetworkService Account access (NVD). The vulnerability was disclosed on November 12, 2024, and affects Citrix Virtual Apps and Desktops environments that have Session Recording enabled.

The vulnerability is classified as CWE-269 (Improper Privilege Management) with a CVSS v4.0 Base Score of 5.1 (Medium) and vector string CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N (NVD). The vulnerability exists in the Session Recording component which is responsible for capturing and storing user session data, including keyboard input and video streams (WatchTowr Labs).

When exploited, this vulnerability allows an authenticated attacker to elevate their privileges to NetworkService Account level on the session recording server. This could potentially enable the attacker to access and manipulate session recordings and related data (NVD).

Citrix has released security updates to address this vulnerability. Organizations using Citrix Session Recording should apply the latest patches as detailed in the security bulletin (Citrix Support).