{"uuid": "b986c3fc-7bbc-44de-bd7e-5d904c807a87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8068", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/7236", "content": "CVE-2024-8068,\u00a0 8069: Vulnerability in Citrix Virtual Apps Allows RCE Attack Via MSMQ Misconfiguration\n\nCitrix Virtual Apps and Desktops \u2014 Unauthenticated RCE\n\nThis vulnerability in Citrix Virtual Apps and Desktops enables unauthorized users to achieve remote code execution through a misconfigured Microsoft Message Queuing (MSMQ) service accessible over HTTP. The issue stems from using an outdated BinaryFormatter for data deserialization, allowing attackers to run commands with SYSTEM privileges on the Citrix server.\n\n\ud83d\udd17 Research:\nhttps://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/\n\n\ud83d\udd17 Source:\nhttps://github.com/watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit", "creation_timestamp": "2024-11-28T11:22:48.000000Z"}