{"vulnerability": "cve-2024-8069", "sightings": [{"uuid": "7ed022f8-cff6-4239-ba4a-4311b9e340c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113476070561952671", "content": "", "creation_timestamp": "2024-11-13T14:17:04.989918Z"}, {"uuid": "a7b88954-a81c-4e16-9fbb-0fe639349837", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0440", "content": "", "creation_timestamp": "2024-11-13T08:51:17.000000Z"}, {"uuid": "caf53310-d871-4ea6-a617-58c434794596", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113470897346004162", "content": "", "creation_timestamp": "2024-11-12T16:21:28.051556Z"}, {"uuid": "4122b6e0-dc72-4f44-a053-6642b187c3a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "https://cyberplace.social/users/GossiTheDog/statuses/113472082802025796", "content": "", "creation_timestamp": "2024-11-12T21:23:09.366930Z"}, {"uuid": "65c5ddb8-35ad-49fb-a9e2-4ec66bd55f35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/113521297765325676", "content": "", "creation_timestamp": "2024-11-21T13:58:57.417825Z"}, {"uuid": "641a2479-d345-484d-bc89-64d8a6065b03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113584511246645504", "content": "", "creation_timestamp": "2024-12-02T17:54:58.827831Z"}, {"uuid": "d03e33ac-6f01-4780-8981-2b6f82a0ac59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-11-13)", "content": "", "creation_timestamp": "2024-11-13T00:00:00.000000Z"}, {"uuid": "f75f22e0-4e82-4857-81b1-8c62cb615b13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-11-14)", "content": "", "creation_timestamp": "2024-11-14T00:00:00.000000Z"}, {"uuid": "2587ea3c-e727-491e-80aa-e51c06190fde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/115090539180631962", "content": "", "creation_timestamp": "2025-08-25T17:17:41.396577Z"}, {"uuid": "5bc151a8-deb5-4995-b744-e16cbe054116", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-24)", "content": "", "creation_timestamp": "2025-02-24T00:00:00.000000Z"}, {"uuid": "88fe297d-2ba5-4526-b4da-f842dc3abb43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-09-29T03:12:15.000000Z"}, {"uuid": "339ccab4-0d2c-4e74-ac92-54746501bd0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-09-28T08:23:31.000000Z"}, {"uuid": "d824cdfa-e86f-4449-966f-cb68b8a0f2ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "https://bsky.app/profile/infosecindustry.bsky.social/post/3lxaogpeudr2b", "content": "", "creation_timestamp": "2025-08-25T18:55:29.323100Z"}, {"uuid": "246d4bce-c457-48f7-b29e-401aa8152ce3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3lxasaqtnw327", "content": "", "creation_timestamp": "2025-08-25T20:03:44.092514Z"}, {"uuid": "9ba44d64-e6a2-4df2-968a-5b2a762feb89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3lxaxynuxgs2i", "content": "", "creation_timestamp": "2025-08-25T21:46:34.886680Z"}, {"uuid": "86983981-5cc9-48a9-aa6a-2a2c8813bda8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/4612623", "content": "", "creation_timestamp": "2025-08-25T21:01:06.444618Z"}, {"uuid": "ab615895-362f-4a7a-a262-c16755e8b891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "https://t.me/hackyourmom/12469", "content": "CISA \u0434\u043e\u0434\u0430\u043b\u0430 3\ufe0f\u20e3 \u043d\u0435\u0431\u0435\u0437\u043f\u0435\u0447\u043d\u0456 \u0443\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0456 \u0434\u043e KEV. \u0414\u0432\u0456 \u0441\u0442\u043e\u0441\u0443\u044e\u0442\u044c\u0441\u044f Citrix Session Recording (CVE-2024-8068, CVE-2024-8069) \u0456 \u0434\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442\u044c \u043f\u0456\u0434\u0432\u0438\u0449\u0435\u043d\u043d\u044f \u043f\u0440\u0438\u0432\u0456\u043b\u0435\u0457\u0432 \u0442\u0430 \u0432\u0438\u043a\u043e\u043d\u0430\u043d\u043d\u044f \u043a\u043e\u0434\u0443. \u0422\u0440\u0435\u0442\u044f \u2014 CVE-2025-48384 \u0443 Git \u0456\u0437 CVSS 8.1, \u043c\u043e\u0436\u0435 \u043f\u0440\u0438\u0437\u0432\u0435\u0441\u0442\u0438 \u0434\u043e \u0437\u0430\u043f\u0443\u0441\u043a\u0443 \u0448\u043a\u0456\u0434\u043b\u0438\u0432\u043e\u0433\u043e \u043a\u043e\u0434\u0443 \u043f\u0456\u0434 \u0447\u0430\u0441 \u043a\u043b\u043e\u043d\u0443\u0432\u0430\u043d\u043d\u044f \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0456\u0457\u0432 \ud83d\udc7e\ud83d\udcbb \u0411\u0456\u043b\u044c\u0448\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u0438\u0446\u044c \ud83d\udc48 #cybernews", "creation_timestamp": "2025-08-26T09:12:04.000000Z"}, {"uuid": "a20f1be5-a47d-46ce-9c24-dc7544583465", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9227", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aCitrix Virtual Apps and Desktops (XEN) Unauthenticated RCE\nURL\uff1ahttps://github.com/XiaomingX/cve-2024-8069-exp-Citrix-Virtual-Apps-XEN\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-11-29T03:04:45.000000Z"}, {"uuid": "1e22ca3a-946e-4e6f-b594-bdcc2d3cc6db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-8069", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/ba62f760-84a8-4741-9958-2fdd85ef1152", "content": "", "creation_timestamp": "2026-02-02T12:25:54.489262Z"}, {"uuid": "c7aa80d0-328b-454d-8641-7195ace084c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3895", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-8069\n\ud83c\udfe2 Vendor: Citrix\n\ud83d\udda5\ufe0f Product: Citrix Session Recording\n\ud83d\udd39 Description: Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server\n\ud83d\udccf Published: 2024-11-12T00:00:00Z\n\ud83d\udd17 References:\n1. https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-11-13&host_type=src&vulnerability=cve-2024-8069\n2. https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-11-14&host_type=src&vulnerability=cve-2024-8069\n3. https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-11-15&host_type=src&vulnerability=cve-2024-8069\n4. https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-11-16&host_type=src&vulnerability=cve-2024-8069\n5. https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-11-17&host_type=src&vulnerability=cve-2024-8069\n6. https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-11-18&host_type=src&vulnerability=cve-2024-8069\n7. https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-11-19&host_type=src&vulnerability=cve-2024-8069\n8. https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-11-20&host_type=src&vulnerability=cve-2024-8069\n9. https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-12-20&host_type=src&vulnerability=cve-2024-8069\n10. https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-12-21&host_type=src&vulnerability=cve-2024-8069\n11. https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-12-26&host_type=src&vulnerability=cve-2024-8069\n12. https://infosec.exchange/@shadowserver/113471909797234133\n13. https://isc.sans.edu/diary/31446", "creation_timestamp": "2025-02-08T23:20:42.000000Z"}, {"uuid": "96e7dece-bd6d-4ea0-aaf0-6b8d32320df8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "published-proof-of-concept", "source": "https://t.me/ZeroEthical_Course/2110", "content": "WatchTowr POCs:\nCVE-2024-8068 & CVE-2024-8069 : Citrix Virtual Apps and Desktops (XEN) $versions - Unauthenticated Remote Code execution (Chain) \nPOC/AN : https://github.com/watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit\nCVE-2024-47575 : Fortinet FortiManager 'Fgfmsd' $versions Unauthenticated Remote Code Execution (AKA FortiJump)\nPOC/AN : https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575\nCVE-2024-0012 & CVE-2024-9474 : PAN-OS $versions - Authentication Bypass LPE Root Command Injection (AKA Sslvpn _ Chain)\nPOC/AN : https://github.com/watchtowrlabs/palo-alto-panos-cve-2024-0012/\n\n\ud83d\udd34 Share & Support Us \ud83d\udd34\n\u26a1\ufe0f Channel : @ZeroEthical_Course", "creation_timestamp": "2024-12-03T00:18:01.000000Z"}, {"uuid": "ea15cfa4-6f86-46a0-9e60-b817598ba052", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "seen", "source": "https://t.me/cvedetector/10676", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-8069 - Citrix Session Recording Privilege Escalation Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-8069 \nPublished : Nov. 12, 2024, 6:15 p.m. | 21\u00a0minutes ago \nDescription : Limited remote code execution with privilege of a NetworkService Account access\u00a0in\u00a0Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T19:44:08.000000Z"}, {"uuid": "18b703a9-8bab-454f-94f2-23a2d3f71798", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/4097", "content": "#GitHub #Tools \n\nDevil is a tool that is basically made for facebook to Hack target accounts , BruteForce Attack , grab friendlist accounts , yahoo chacker , Facbook Friend information gathering tool , auto likes reactions & much more i hope you enjoy this tool i'm not responsible if you use this tool for any illegal purpose.\n\nhttps://github.com/evildevill/Devil\n\nOSINT tool to find informations about a github user (email2username, username2email, creation date ...)\n\nhttps://github.com/hippiiee/osgint\n\nCitrix Virtual Apps and Desktops (XEN) Unauthenticated RCE\n\nhttps://github.com/XiaomingX/cve-2024-8069-exp-Citrix-Virtual-Apps-XEN\n\n#Offensive_Security\n\n1. PowerShell PoC to bypass Entra/Intune Compliance Conditional Access Policy\n\nhttps://github.com/zh54321/PoCEntraDeviceComplianceBypass\n\n2. Svartalfheim - Stage0 Shellcode to Download a Remote Payload and Execute it in Memory\n\nhttps://github.com/NtDallas/Svartalfheim\n\n#HackersFactory", "creation_timestamp": "2025-01-22T04:33:01.000000Z"}, {"uuid": "e1d53f85-dcff-4d7f-a0b1-156d215145e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "published-proof-of-concept", "source": "https://t.me/Leak_DBMS/1524", "content": "WatchTowr POCs:\nCVE-2024-8068 & CVE-2024-8069 : Citrix Virtual Apps and Desktops (XEN) $versions - Unauthenticated Remote Code execution (Chain) \nPOC/AN : https://github.com/watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit\nCVE-2024-47575 : Fortinet FortiManager 'Fgfmsd' $versions Unauthenticated Remote Code Execution (AKA FortiJump)\nPOC/AN : https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575\nCVE-2024-0012 & CVE-2024-9474 : PAN-OS $versions - Authentication Bypass LPE Root Command Injection (AKA Sslvpn _ Chain)\nPOC/AN : https://github.com/watchtowrlabs/palo-alto-panos-cve-2024-0012/\n@APTIRAN", "creation_timestamp": "2024-11-29T13:06:54.000000Z"}, {"uuid": "44a1ba0d-6492-48ba-b40e-56335b7742e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "exploited", "source": "https://t.me/true_secator/6453", "content": "\u041a\u0430\u043a \u043c\u044b \u0438 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u043b\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0430\u044f SANS ISC \u0430\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Citrix Virtual Apps and Desktops \u0438\u043c\u0435\u044e\u0442 \u043a\u0443\u0434\u0430 \u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438, \u043d\u0435\u0436\u0435\u043b\u0438 \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u043d\u044b\u0435 \u0432\u0435\u043d\u0434\u043e\u0440\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0435\u0449\u0435 \u043a \u0442\u043e\u043c\u0443 \u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437 \u0434\u043e\u043b\u0436\u043d\u043e\u0433\u043e \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f.\n\n\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (CVE-2024-8068 \u0438 CVE-2024-8069) \u0431\u044b\u043b\u0438\u00a0\u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b\u00a0\u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 watchTowr Labs \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043d\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u0443\u0436\u0435 \u043e\u0431\u0437\u0430\u0432\u0435\u043b\u0438\u0441\u044c PoC \u0438 \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u043c\u0438 \u043d\u0430 \u043d\u0438\u0445 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438.\n\n\u0410 \u0432 Citrix \u0432\u0441\u0435\u0433\u043e \u043b\u0438\u0448\u044c 5.1, \u043f\u043e\u043b\u0435\u0442 \u043d\u043e\u0440\u043c\u0430\u043b\u044c\u043d\u044b\u0439.", "creation_timestamp": "2024-11-20T17:30:05.000000Z"}, {"uuid": "2db7d3ce-ba38-4517-8c05-69f842df39d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8069", "type": "exploited", "source": "https://t.me/true_secator/6426", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 watchTowr Labs \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0435 \u043d\u0430 Citrix Virtual Apps and Desktop, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c Citrix \u0437\u0430\u043f\u0438\u0441\u044c \u0441\u0435\u0430\u043d\u0441\u043e\u0432 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u0441\u0442\u043e\u043b\u043e\u0432 \u0434\u043b\u044f \u0446\u0435\u043b\u0435\u0439 \u0430\u0443\u0434\u0438\u0442\u0430 \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043d\u0435\u043f\u043e\u043b\u0430\u0434\u043e\u043a.\n\n\u0412 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u044e \u0438\u0437 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u043e\u0433\u043e \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0430\u00a0MSMQ\u00a0\u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u043c\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 BinaryFormatter, \u043a \u043a\u043e\u0442\u043e\u0440\u043e\u043c\u0443 \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u0441 \u043b\u044e\u0431\u043e\u0433\u043e \u0445\u043e\u0441\u0442\u0430 \u043f\u043e HTTP \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e RCE.\n\n\u041e\u0431\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a:\n\n- CVE-2024-8068\u00a0(CVSS: 5.1, \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0434\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 NetworkService);\n- CVE-2024-8069\u00a0(CVSS: 5,1, \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0435 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0435\u0439 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 NetworkService).\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u043f\u043e\u043b\u0435\u0437\u043d\u0443\u044e \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0443 HTTP \u043d\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u0443\u044e \u043a\u043e\u043d\u0435\u0447\u043d\u0443\u044e \u0442\u043e\u0447\u043a\u0443 Citrix, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u0442 \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u0437\u0430\u043f\u0438\u0441\u0438 \u0441\u0435\u0430\u043d\u0441\u0430.\n\nCitrix, \u043f\u043e\u0445\u043e\u0436\u0435, \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u043d\u0435 \u0443\u0432\u0435\u0434\u043e\u043c\u0438\u0432 \u0434\u043e\u043b\u0436\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u041f\u043e \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0430\u043c \u0441\u0432\u043e\u0438\u0445 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0439 Citrix \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0430, \u0447\u0442\u043e \u0434\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0434\u043e\u043b\u0436\u0435\u043d \u0431\u044b\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0432 \u0442\u043e\u043c \u0436\u0435 \u0434\u043e\u043c\u0435\u043d\u0435 Windows Active Directory, \u0447\u0442\u043e \u0438 \u0434\u043e\u043c\u0435\u043d \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0437\u0430\u043f\u0438\u0441\u0438 \u0441\u0435\u0430\u043d\u0441\u0430, \u0438 \u0432 \u0442\u043e\u0439 \u0436\u0435 \u0438\u043d\u0442\u0440\u0430\u0441\u0435\u0442\u0438, \u0447\u0442\u043e \u0438 \u0441\u0435\u0440\u0432\u0435\u0440 \u0437\u0430\u043f\u0438\u0441\u0438 \u0441\u0435\u0430\u043d\u0441\u0430.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0432 watchTowr \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u043d\u0430\u0441\u0442\u0430\u0438\u0432\u0430\u0442\u044c \u043d\u0430 \u0442\u043e\u043c, \u0447\u0442\u043e \u0430\u0442\u0430\u043a\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439, \u0430 Citrix \u043f\u0440\u0435\u0443\u043c\u0435\u043d\u044c\u0448\u0430\u0435\u0442 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u044c \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u0440\u0438\u0434\u0430\u0432\u0430\u044f \u0435\u0439 \u0441\u0440\u0435\u0434\u043d\u0438\u0439 \u043f\u0440\u0438\u043e\u0440\u0438\u0442\u0435\u0442, \u043a\u043e\u0433\u0434\u0430 \u043d\u0430 \u0441\u0430\u043c\u043e\u043c \u0434\u0435\u043b\u0435 \u044d\u0442\u043e point-click-full-takeover.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u043d\u0430 GitHub PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \n\n\u041f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e Shadowserver Foundation \u0443\u0436\u0435 \u0437\u0430\u0434\u0435\u0442\u0435\u043a\u0442\u0438\u043b\u0430 \u0438 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u0442 \u0437\u0430 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0430\u043c\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u043c\u0438 \u043d\u0430 \u043e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u0443\u044e\u0442 \u0445\u0430\u043a\u0435\u0440\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u044b\u043d\u0435\u0441\u0443\u0442 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435  \u0442\u043e\u0447\u043d\u044b\u0439 \u0432\u0435\u0440\u0434\u0438\u043a\u0442 \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e CVSS.\n\n\u0411\u0443\u0434\u0435\u043c \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.", "creation_timestamp": "2024-11-13T17:00:06.000000Z"}]}