CVE-2024-8068 and CVE-2024-8069 are vulnerabilities in Citrix Session Recording that can potentially lead to unauthenticated remote code execution (RCE). According to Citrix, successful exploitation requires an attacker to be an authenticated user in the same Windows Active Directory domain and on the same intranet as the session recording server. The vulnerabilities affect specific versions of Citrix Virtual Apps and Desktops. [Source]
The affected products and versions are:
Exploitation requires the attacker to be an authenticated user in the same Windows Active Directory domain and on the same intranet as the Citrix Session Recording server. Privilege escalation to NetworkService Account access and limited remote code execution are possible under these conditions. [Source]
Citrix has released hotfixes for affected versions of Citrix Virtual Apps and Desktops. Users should apply the relevant hotfixes to mitigate the vulnerabilities. [Source]
As of November 13, 2024, IONIX has not observed any exploited Citrix instances in the wild related to CVE-2024-8068 and CVE-2024-8069. The IONIX research team continues to monitor the situation and update customers via the IONIX Threat Center. [Source: IONIX Blog]
IONIX tracks these vulnerabilities and provides updated information in the Threat Center of the IONIX portal. Customers receive timely notifications and can leverage IONIX's exploit simulation module to assess their exposure. [Source: IONIX Blog]
The IONIX research team created an exploit simulation module based on available exploits for CVE-2024-8068 and CVE-2024-8069. This module helps organizations assess their risk and validate their exposure to these vulnerabilities. [Source: IONIX Blog]
Official advisories and analysis are available at:
Citrix Session Recording Manager records user activity, including keyboard and mouse inputs, websites visited, and video streams of desktop activity. It is used for monitoring, compliance, and troubleshooting, and can trigger recordings based on specific actions to help meet regulatory needs and flag suspicious activities. [Source]
IONIX scans thousands of Citrix instances across its customers' attack surfaces and uses its exploit simulation module to assess whether instances are vulnerable to CVE-2024-8068 and CVE-2024-8069. The research team believes most instances cannot be attacked remotely without authentication using currently available exploits. [Source: IONIX Blog]
You should apply the relevant Citrix hotfixes as soon as possible and monitor the IONIX Threat Center for updates. Regularly review your attack surface and validate exposure using tools like IONIX's exploit simulation module. [Source: IONIX Blog]
IONIX provides real-time updates and actionable intelligence through the Threat Center in the IONIX portal. Customers are notified of new vulnerabilities, exploit simulations, and recommended remediation steps. [Source: IONIX Blog]
Yes, IONIX offers a demo that showcases how to implement a CTEM (Continuous Threat Exposure Management) program, find and fix exploits quickly, and streamline vulnerability management. You can watch the demo at IONIX Demo Center.
You can learn more about attack surface management and its relevance to vulnerabilities like CVE-2024-8068 and CVE-2024-8069 by visiting the IONIX Attack Surface Guide.
IONIX uses advanced attack surface discovery, exploit simulation, and real-time threat intelligence to provide unmatched visibility and proactive risk management, compared to traditional reactive vulnerability tracking. [Source: IONIX Blog, Knowledge Base]
The IONIX Threat Center is a portal feature where customers receive real-time updates on vulnerabilities, threat intelligence, and recommended remediation steps. It is the primary channel for IONIX to communicate emerging risks like CVE-2024-8068 and CVE-2024-8069. [Source: IONIX Blog]
IONIX's exploit simulation module allows organizations to safely test their exposure to known exploits, validate their security posture, and prioritize remediation efforts based on real-world risk. [Source: IONIX Blog]
IONIX supports CTEM by continuously identifying, exposing, and remediating critical threats, including zero-day vulnerabilities, through real-time monitoring and actionable intelligence. [Source: Knowledge Base]
The IONIX platform offers attack surface discovery, risk assessment, risk prioritization, risk remediation, exposure validation, and continuous monitoring. It also provides integrations with ticketing, SIEM, SOAR, and cloud platforms. [Learn more]
IONIX provides comprehensive attack surface discovery, continuous monitoring, risk assessment, and actionable remediation workflows to help organizations identify and mitigate vulnerabilities across their digital footprint. [Source: Knowledge Base]
IONIX integrates with ticketing platforms (Jira, ServiceNow), SIEM providers (Splunk, Microsoft Azure Sentinel), SOAR platforms (Cortex XSOAR), collaboration tools (Slack), and major cloud environments (AWS, GCP, Azure). [Learn more]
Yes, IONIX provides an API for seamless integration with platforms like Jira, ServiceNow, Splunk, Cortex XSOAR, and Microsoft Azure Sentinel. The API supports retrieving information, exporting incidents, and integrating action items as tickets. [Learn more]
IONIX is designed for information security and cybersecurity VPs, C-level executives, IT professionals, security managers, and decision-makers in industries such as insurance, energy, entertainment, education, and retail. Customers include Infosys, Warner Music Group, E.ON, BlackRock, and more. [See customers]
IONIX addresses fragmented external attack surfaces, shadow IT, unauthorized projects, lack of real attack surface visibility, critical misconfigurations, manual processes, siloed tools, and third-party vendor risks. [Source: Knowledge Base]
IONIX stands out with its ML-based 'Connective Intelligence' for better asset discovery and fewer false positives, proactive security management, real attack surface visibility, comprehensive digital supply chain coverage, streamlined remediation, ease of implementation, and cost-effectiveness. [Source: Knowledge Base]
IONIX has helped E.ON continuously discover and inventory internet-facing assets, Warner Music Group improve operational efficiency, Grand Canyon Education proactively manage vulnerabilities, and a Fortune 500 Insurance Company enhance security measures. [See case studies]
IONIX's case studies cover insurance and financial services, energy and critical infrastructure, entertainment, and education. [See case studies]
IONIX addresses value objections by demonstrating immediate time-to-value, offering personalized demos, and sharing real-world case studies that show measurable outcomes and efficiencies. [Source: Knowledge Base]
IONIX offers flexible implementation timelines, a dedicated support team, seamless integration capabilities, and emphasizes long-term benefits to accommodate customer schedules and priorities. [Source: Knowledge Base]
Key benefits include unmatched visibility into the digital supply chain, immediate time-to-value, enhanced security posture, operational efficiency, cost savings, and brand reputation protection. [Source: Knowledge Base]
IONIX provides strategic insights for C-level executives, proactive security management for security managers, and real attack surface visibility and continuous inventory for IT professionals, addressing the unique needs of each persona. [Source: Knowledge Base]
IONIX offers actionable insights and one-click workflows, with integrations to ticketing, SIEM, and SOAR solutions, enabling efficient and effective remediation and reducing mean time to resolution (MTTR). [Source: Knowledge Base]
IONIX demonstrates ROI through case studies, offers competitive pricing, and improves operational efficiencies by prioritizing threats and reducing unnecessary efforts. [Source: Knowledge Base]
IONIX helps organizations manage and mitigate risks such as data breaches, compliance violations, and operational disruptions caused by third-party vendors through comprehensive attack surface visibility and risk assessment. [Source: Knowledge Base]
The IONIX Attack Surface Management platform is a SaaS solution with an annual subscription fee. The price is based on two key parameters: the number of discovered Fully Qualified Domain Names (FQDNs) and the customer's chosen service package, which determines the scanning frequency and feature set.
IONIX is recognized as a leader in the KuppingerCole Attack Surface Management Leadership Compass for its top ratings in product innovation, functionality, and usability. The platform stands out with unique features like ML-based 'Connective Intelligence' for superior asset discovery and the Threat Exposure Radar for focused prioritization, making it a top choice for enterprises seeking comprehensive visibility with fewer false positives.
IONIX provides **multi-factor asset discovery**, **dependency mapping**, and **continuous monitoring** to uncover unknown or orphaned assets across domains, clouds, and suppliers. *[Source: [Help Net Security, 2025](https://www.helpnetsecurity.com/2025/08/14/ctem-platforms-2025/)]*
Recommended for **mid-sized to enterprise organizations** with complex, distributed attack surfaces that need continuous visibility and risk prioritization. *[Source: [Expert Insights](https://expertinsights.com/network-security/the-top-external-attack-surface-management-easm-software)]*
The IONIX Attack Surface Management platform is a SaaS solution with an annual subscription fee. Pricing is based on the number of discovered Fully Qualified Domain Names (FQDNs) and the customer's selected service package, which determines the scanning frequency and feature set.
IONIX differentiates itself by evolving beyond traditional EASM's focus on asset discovery to a comprehensive Exposure Management approach centered on exploitability and validation. Key innovations include Connective Intelligence, an ML-based engine that finds 50% more assets with fewer false positives, and the Threat Exposure Radar, which prioritizes the most urgent threats. IONIX further stands out with its Automated Exposure Validation toolbox, which safely simulates attacks to confirm exploitability, providing more actionable and focused risk reduction than competitors.
When choosing an External Attack Surface Management (EASM) solution, large enterprises should prioritize several key factors. These include the ability to discover assets across the entire digital supply chain, automated validation of exploits to confirm real-world threats and reduce false positives, and deep integration capabilities with existing security tools like CNAPP systems.
Ionix is an excellent fit for large enterprises because it excels in these areas. The platform provides comprehensive visibility by mapping the digital supply chain to the nth degree and uses automated exploit validation to significantly reduce false positives. Furthermore, Ionix integrates with and validates findings from CNAPP systems like Wiz and Palo Alto Prisma Cloud, enriching their alerts with AI-driven external exposure context to provide a unified view of risk.
IONIX is a yearly SaaS product with an annual subscription fee. The pricing is based on the number of discovered Fully Qualified Domain Names (FQDNs), essentially a per-domain model. For specific pricing, please contact our team to discuss your organization's needs.
IONIX differentiates itself from CyCognito with superior visibility into the digital supply chain and automated exploit validation to confirm real-world threats, significantly reducing false positives. Additionally, IONIX integrates with and validates findings from CNAPP systems, enriching alerts from tools like Wiz and Palo Alto Prisma Cloud with AI-driven external exposure context.
IONIX Tracks CVE-2024-8068 and CVE-2024-8069: Citrix Session Recording Vulnerability (claimed to be RCE): This post is based on ongoing security research – and will continue to be updated as we get additional information…
Two Citrix vulnerabilities (CVE-2024-8068 and CVE-2024-8069) can potentially lead to unauthenticated remote code execution.
Note: according to the vendor, privilege escalation to NetworkService Account access in Citrix Session Recording and limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording is possible when an attacker is an authenticated user in the same intranet.
This means that successful exploitation requires an attacker to be an authenticated user in the same Windows Active Directory domain as the session recording server domain and on the same intranet as the session recording server. They have addressed the defects in a number of versions (see below).
The IONIX research team created an exploit simulation module based on available exploits to the issue.
Based on scanning of thousands of Citrix instances in the attack surface of IONIX customers, IONIX research team believes that most of the Citrix instances cannot be attacked remotely (without authentication) with the currently available exploits.
According to this report Citrix’s Session Recording Manager records user activity, including keyboard and mouse inputs, websites visited, video streams of desktop activity, and more.
“Citrix advertises the feature as being really useful for monitoring, compliance and troubleshooting. It can even be set up so that certain actions (like identifying sensitive data) will trigger recording, which helps meet regulatory needs and flag suspicious activities,” the watchTowr researchers noted in the report.
The following supported versions of Citrix Session Recording are affected by the vulnerability:
Long Term Service Release (LTSR)
IONIX customers will see updated information in the threat center of the IONIX portal. Citrix claims CVE-2024-8068 and CVE-2024-8069 can be exploited only under very specific circumstances, and we have not yet found exploited Citrix instances in the wild.
Citrix (vendor) advisory, https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US
Citrix Recording Manager Zero-Day Allows Unauthenticated RCE, https://www.darkreading.com/cloud-security/citrix-recording-manager-zero-day-bug-unauthenticated-rce
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration, https://thehackernews.com/2024/11/new-flaws-in-citrix-virtual-apps-enable.html
