Description
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
CVSS Metrics
- Vector
- CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Attack Vector
- adjacent
- Complexity
- low
- Privileges
- low
- User Action
- none
- Confidentiality
- undefined
- Integrity
- undefined
- Availability
- undefined
- Weaknesses
- CWE-269
Metadata
- Primary Vendor
- CITRIX
- Published
- 11/12/2024
- Last Modified
- 10/24/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
citrix : session_recordingcitrix : session_recordingcitrix : session_recordingcitrix : session_recordingcitrix : session_recordingcitrix : session_recordingcitrix : session_recordingcitrix : session_recordingcitrix : session_recordingcitrix : session_recordingcitrix : session_recordingcitrix : session_recordingcitrix : session_recordingcitrix : session_recordingcitrix : session_recordingcitrix : session_recordingcitrix : session_recordingcitrix : session_recording
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.