PT-2024-8514 · Citrix · Citrix Virtual Apps/Desktops
Published: 2024-11-12 · Updated: 2025-09-01 · CVE-2024-8069
CVSS v3.1: 8.8 (High) | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Citrix Virtual Apps and Desktops (CVAD) (affected versions not specified)
Description
The issue is an insufficiently safe deserialization mechanism in the Session Recording component of Citrix Virtual Apps and Desktops (CVAD), which can allow a remote attacker to execute arbitrary code. Exploitation requires the attacker to be an authenticated user on the same intranet as the Session Recording server, and yields limited remote code execution with the privileges of a NetworkService account.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Code Injection
Deserialization of Untrusted Data
Related Identifiers
Affected Products
Citrix Virtual Apps/Desktops