Citrix: Public PoC for CVE-2024-8069 Exploitation (AL02/241114/CSIRT-ITA) – Update

Summary

A Proof of Concept (PoC) is available for CVE-2024-8069 – already fixed by the vendor – present in Citrix Session Recording, a security feature that allows recording the on-screen activity of user sessions hosted on Citrix Virtual Apps and Desktops. This vulnerability, if exploited, could allow a remote attacker to execute arbitrary code on affected devices.

Risk

Estimate of the impact of the vulnerability on the reference community: HIGH/ORANGE (73.71/100)¹.

Type

• Remote Code Execution

Affected Products and Versions – (Updated 11/20/2024)

Current Release (CR)

• Citrix Session Recording, versions prior to 2407 hotfix 24.5.200.8

Long Term Service Release (LTSR)

• Citrix Session Recording 1912 LTSR, versions prior to CU9 hotfix 19.12.9100.6
• Citrix Session Recording 2203 LTSR, versions prior to CU5 hotfix 22.03.5100.11
• Citrix Session Recording 2402 LTSR, versions prior to CU1 hotfix 24.02.1200.16

Note (Updated 11/20/2024): As indicated by the vendor, ‘Citrix Virtual Apps and Desktops’ with ‘Citrix Session Recording’ to more specifically indicate the product affected by the vulnerability.

Mitigation actions

In line with vendor statements, it is recommended to update the products following the indications available at the links reported in the References section.

Unique vulnerability identifiers

CVE-2024-8069

References

https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US

¹This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.