Citrix and security researchers at watchTowr on Tuesday warned about security flaws in Citrix Session Recording that can allow an attacker to take control of a system.
The vulnerabilities include CVE-2024-8068, a privilege escalation that allows access to NetworkService Account access, and CVE-2024-8069, which allows limited remote code execution, with the privilege of a NetworkService account access.
Researchers at watchTowr said the flaw was discovered as part of the firm’s ongoing research into internal vulnerabilities and exploit development.
“At its core, the Citrix solution deserializes untrusted user data, using a .NET function provided by Microsoft (BinaryFormatter) that is known insecure, and Microsoft explicitly states cannot be made secure,” Benjamin Harris, CEO at watchTowr, said via email. “The user data is received by Citrix via an MSMQ queue, which we are able to access over the Internet via network services that are designed to be exposed to the internet for this solution to function.”
Microsoft warns the BinaryFormatter type is considered dangerous and says attackers leveraging…