Summary
A Proof of Concept (PoC) is available for CVE-2024-8069 – already fixed by the vendor – present in Citrix Session Recording, a security feature that allows recording the on-screen activity of user sessions hosted on Citrix Virtual Apps and Desktops. This vulnerability, if exploited, could allow a remote attacker to execute arbitrary code on affected devices.
Risk
Estimate of the impact of the vulnerability on the reference community: HIGH/ORANGE (73.71/100)1.
Type
- Remote Code Execution
Affected Products and Versions
Current Release (CR)
- Citrix Virtual Apps and Desktops, versions prior to 2407 hotfix 24.5.200.8
Long Term Service Release (LTSR)
- Citrix Virtual Apps and Desktops 1912 LTSR, versions prior to CU9 hotfix 19.12.9100.6
- Citrix Virtual Apps and Desktops 2203 LTSR, versions prior to CU5 hotfix 22.03.5100.11
- Citrix Virtual Apps and Desktops 2402 LTSR, versions prior to CU1 hotfix 24.02.1200.16
Mitigation Actions
In line with vendor statements, it is recommended to update products following the instructions available at the links in the References section.
Unique Vulnerability Identifiers
References
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.
