Citrix Products Multiple Vulnerabilities

Last Update Date: 26 Aug 2025
Release Date: 15 Nov 2024

RISK: High Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Citrix Products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, elevation of privilege and remote code execution on the targeted system.

Note:

CVE-2024-8068 and CVE-2024-8069 are being exploited in the wild. For CVE-2024-8068, Citrix Session Recording contains an improper privilege management vulnerability that could allow an attacker to escalate privileges to NetworkService Account access. For CVE-2024-8069, it contains a deserialization of untrusted data vulnerability that allows limited remote code execution with the privileges of a NetworkService Account. An attacker needs to be authenticated before exploiting these vulnerabilities. Hence, the overall risk is rated as High Risk.

[Updated on 2025-08-26]

Updated Risk Level, Description and Related Links.

 


Impact

  • Remote Code Execution
  • Elevation of Privilege
  • Denial of Service

System / Technologies affected

  • Citrix Virtual Apps and Desktops before 2407 hotfix 24.5.200.8
  • Citrix Virtual Apps and Desktops 1912 LTSR before CU9 hotfix 19.12.9100.6
  • Citrix Virtual Apps and Desktops 2203 LTSR before CU5 hotfix 22.03.5100.11
  • Citrix Virtual Apps and Desktops 2402 LTSR before CU1 hotfix 24.02.1200.16
  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-29.72
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-55.34
  • NetScaler ADC 13.1-FIPS before 13.1-37.207
  • NetScaler ADC 12.1-FIPS before 12.1-55.321
  • NetScaler ADC 12.1-NDcPP before 12.1-55.321
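
A triage check for the NetScaler entries in the list above, as an added example that is not part of the original advisory or any Citrix tooling: it compares installed builds numerically against the fixed builds listed. The release-line labels, host names and sample builds are constructed for illustration, and the inventory is assumed to record each appliance's edition (standard, FIPS, NDcPP) alongside its build.

```python
import re

# Fixed builds copied from the NetScaler entries in the affected list above.
# The dictionary keys are labels chosen for this example.
FIXED_BUILDS = {
    "NetScaler 14.1": "14.1-29.72",
    "NetScaler 13.1": "13.1-55.34",
    "NetScaler 13.1-FIPS": "13.1-37.207",
    "NetScaler 12.1-FIPS": "12.1-55.321",
    "NetScaler 12.1-NDcPP": "12.1-55.321",
}

def parse_version(text):
    """Turn a build string such as '13.1-55.34' into a tuple of ints."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no version numbers in {text!r}")
    return tuple(int(p) for p in parts)

def status(release_line, installed):
    """Return 'affected', 'fixed' or 'unlisted' for one appliance."""
    fixed = FIXED_BUILDS.get(release_line)
    if fixed is None:
        # Release line is not in this advisory: consult the vendor bulletin.
        return "unlisted"
    # Numeric comparison: as plain strings '13.1-9.60' would sort after
    # '13.1-55.34' and an unpatched build would be reported as fixed.
    if parse_version(installed) < parse_version(fixed):
        return "affected"
    return "fixed"

def triage(inventory):
    """Annotate (host, release_line, build) rows with their status."""
    return [(h, line, build, status(line, build)) for h, line, build in inventory]

# Constructed sample inventory (host names and builds are illustrative).
INVENTORY = [
    ("adc-01.example", "NetScaler 14.1", "14.1-29.63"),
    ("adc-02.example", "NetScaler 13.1", "13.1-9.60"),
    ("adc-03.example", "NetScaler 13.1-FIPS", "13.1-37.207"),
    ("adc-04.example", "NetScaler 13.0", "13.0-92.21"),
]

if __name__ == "__main__":
    for host, line, build, result in triage(INVENTORY):
        print(f"{host:16} {line:22} {build:14} {result}")
```
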

Solutions

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link