Vulnerabilities in Citrix Session Recording (CVE-2024-8068, CVE-2024-8069) may allow privilege escalation, data theft, and system disruption.
Greenwill Solution informs you of a new medium-level vulnerability discovered in Citrix Session Recording, identified as CVE-2024-8068 and CVE-2024-8069. These vulnerabilities could allow attackers to gain unauthorized access to sensitive data or escalate privileges, potentially disrupting Citrix environments.
Potential Impact
Privilege Escalation: Attackers could gain unauthorized access to sensitive information or critical systems within Citrix Session Recording.
Data Theft: Unauthorized access may result in data leaks.
System Disruption: Critical systems could be compromised, impacting operations.
Affected Products and Versions
The vulnerabilities affect the following versions of Citrix Virtual Apps and Desktops:
Versions before 2407 hotfix 24.5.200.8
Versions 1912 LTSR before CU9 hotfix 19.12.9100.6
Versions 2203 LTSR before CU5 hotfix 22.03.5100.11
Versions 2402 LTSR before CU1 hotfix 24.02.1200.16
Solution and Recommendations
To mitigate these vulnerabilities, update to the following secure versions:
Citrix Virtual Apps and Desktops 2407 hotfix 24.5.200.8 and later
Citrix Virtual Apps and Desktops 1912 LTSR CU9 hotfix 19.12.9100.6 and later
Citrix Virtual Apps and Desktops 2203 LTSR CU5 hotfix 22.03.5100.11 and later
Citrix Virtual Apps and Desktops 2402 LTSR CU1 hotfix 24.02.1200.16 and later
For detailed information, refer to Citrix’s Security Bulletin.
Greenwill Solution’s Patch Management Service is here to ensure your systems are updated and secured effectively. Contact us today to schedule a consultation and protect your infrastructure.
Comments